GoAnywhere MFT authentication bypass proof of concept exploit.
cc18afe3ce13ec7ab1ac673b6370a4830af2b4f40a635675ad5b2e4d8c6adfca
This proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then use that access to abuse a deserialization call to obtain remote code execution. This proof of concept needs to reach out to an Identity Provider endpoint which hosts proper RS256 certificates used to forge arbitrary user tokens - by default this POC uses horizon3ai's IDP endpoint hosted in AWS. By default, the exploit will write a file to C:\Windows\Temp\message.txt. Alternative payloads can be generated by using the ysoserial.net project.
891c1c3067e64d2916aec314b0195ba65fbc31db8570faee1f1fc3f6b4a366d9
PaperCut MF/NG proof of concept exploit that uses an authentication bypass vulnerability chained with abuse of built-in scripting functionality to execute code.
e01888c501e68b969faf6f9f0762260b9738e28e6c41609aee12cd8f6079824b