what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Rahul Maini

Atlassian Confluence SSTI Injection

Posted Jan 26, 2024

Authored by Spencer McIntyre, Harsh Jaiswal, Rahul Maini | Site metasploit.com

This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.

tags | exploit, web

advisories | CVE-2023-22527

SHA-256 | 39194aa16a97418685a42e7cf82542a18f6236bb69aa758c9c1945fa2ea34f1e

Download | Favorite | View

VMWare Aria Operations For Networks SSH Private Key Exposure

Posted Oct 24, 2023

Authored by h00die, Harsh Jaiswal, Rahul Maini, SinSinology | Site metasploit.com

VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.

tags | exploit, remote, root

advisories | CVE-2023-34039

SHA-256 | 64ffcacaea1bc62f727b2dd191fed3e691ed87d11e14a28285a0d1db38476562

Download | Favorite | View

VMWare Aria Operations For Networks Remote Code Execution

Posted Sep 2, 2023

Authored by Harsh Jaiswal, Sina Kheirkhah, Rahul Maini | Site summoning.team

VMWare Aria Operations for Networks (vRealize Network Insight) static SSH key remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept

advisories | CVE-2023-34039

SHA-256 | ae67475970c05c39bc93428dddf3a98ddfed987c1bd13fb23f729e242a686959

Download | Favorite | View