Dankirk / Cve 2017 0065

Exploiting Edge's read:// urlhandler

Introduction

This exploit was reported to Microsoft and I was acknowledged for doing so. The exploit was patched on March 14th 2017 under the names CVE-2017-0065 and MS17-007 and will not work if the related patches are applied. Source code is provided for educational purposes only.

References:

https://technet.microsoft.com/en-us/library/security/mt745121.aspx

https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx

https://www.symantec.com/security_response/vulnerability.jsp?bid=96648&om_rssid=sr-advisories

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0065

http://www.securityfocus.com/bid/96648

General

This exploit requires that the victim has a forged file (exploit.html) on their file system at a known location. The victim does not need to run it, just have it. The file can then be invoked by visiting a malicious website (malicious_server.php).

With this exploit, local files may be uploaded to a visited malicious website without the user's consent.

Here's how to reproduce:

1. Edit exploit.html so that the form action points at your test webserver's address.
2. Serve malicious_server.php on a PHP-enabled webserver, so you can access it at: http://yourwebserver.com/malicious_server.php
3. Place exploit.html into the following folder: c:\windows\system32\drivers\etc\ (the read: protocol seems picky about the file location)
4. Navigate to http://yourwebserver.com/malicious_server.php with Edge.

Here's what should happen:

1. Navigating to malicious_server.php should trigger a browser redirect to: read:,c:\windows\system32\drivers\etc\exploit.html
2. exploit.html should then prompt the user to click anywhere on the empty page.
3. After a click, exploit.html will create a window with the URL: read:,c:\windows\system32\drivers\etc\hosts
4. If window creation succeeds, the contents of the opened window (the hosts file) will be copied to a hidden form, the window will be closed, and the form submitted back to malicious_server.php on your webserver.
5. malicious_server.php will display the contents of the submitted file.