exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Horizon3 Attack Team

MOVEit Transfer SQL Injection / Remote Code Execution

Posted Jun 13, 2023

Authored by Horizon3 Attack Team | Site github.com

This proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then use that access to abuse a deserialization call to obtain remote code execution. This proof of concept needs to reach out to an Identity Provider endpoint which hosts proper RS256 certificates used to forge arbitrary user tokens - by default this POC uses horizon3ai's IDP endpoint hosted in AWS. By default, the exploit will write a file to C:\Windows\Temp\message.txt. Alternative payloads can be generated by using the ysoserial.net project.

tags | exploit, remote, arbitrary, code execution, sql injection, proof of concept

systems | windows

advisories | CVE-2023-34362

SHA-256 | 891c1c3067e64d2916aec314b0195ba65fbc31db8570faee1f1fc3f6b4a366d9

Download | Favorite | View

PaperCut MF/NG Authentication Bypass / Remote Code Execution

Posted Apr 25, 2023

Authored by James Horseman, Zach Hanley, Horizon3 Attack Team | Site github.com

PaperCut MF/NG proof of concept exploit that uses an authentication bypass vulnerability chained with abuse of built-in scripting functionality to execute code.

tags | exploit, proof of concept, bypass

advisories | CVE-2023-27350

SHA-256 | e01888c501e68b969faf6f9f0762260b9738e28e6c41609aee12cd8f6079824b

Download | Favorite | View