Showing 1 - 3 of 3

Files from Horizon3 Attack Team

First Active	2023-04-25
Last Active	2024-01-24

GoAnywhere MFT Authentication Bypass: Posted Jan 24, 2024; Authored by James Horseman, Zach Hanley, Horizon3 Attack Team | Site github.com; GoAnywhere MFT authentication bypass proof of concept exploit.; tags | exploit, proof of concept; advisories | CVE-2024-0204; SHA-256 | cc18afe3ce13ec7ab1ac673b6370a4830af2b4f40a635675ad5b2e4d8c6adfca; Download | Favorite | View

MOVEit Transfer SQL Injection / Remote Code Execution: Posted Jun 13, 2023; Authored by Horizon3 Attack Team | Site github.com; This proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then use that access to abuse a deserialization call to obtain remote code execution. This proof of concept needs to reach out to an Identity Provider endpoint which hosts proper RS256 certificates used to forge arbitrary user tokens - by default this POC uses horizon3ai's IDP endpoint hosted in AWS. By default, the exploit will write a file to C:\Windows\Temp\message.txt. Alternative payloads can be generated by using the ysoserial.net project.; tags | exploit, remote, arbitrary, code execution, sql injection, proof of concept; systems | windows; advisories | CVE-2023-34362; SHA-256 | 891c1c3067e64d2916aec314b0195ba65fbc31db8570faee1f1fc3f6b4a366d9; Download | Favorite | View

PaperCut MF/NG Authentication Bypass / Remote Code Execution: Posted Apr 25, 2023; Authored by James Horseman, Zach Hanley, Horizon3 Attack Team | Site github.com; PaperCut MF/NG proof of concept exploit that uses an authentication bypass vulnerability chained with abuse of built-in scripting functionality to execute code.; tags | exploit, proof of concept, bypass; advisories | CVE-2023-27350; SHA-256 | e01888c501e68b969faf6f9f0762260b9738e28e6c41609aee12cd8f6079824b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days