📢📢 #CVE-2024-23334
The vulnerability allows an attacker to read leaked source code, database configuration files, etc., resulting in a highly insecure web site.
#cybersecurity #vulnerability #infosecurity
Learn more:
Solved the problem that the endpoint 404 of /app/rest/debug/processes in 2023.11.3 and other versions caused the RCE to fail. I will update the script to GitHub later.
Please pay attention:
#teamcity #rce #jetbrain #cve-2024-27198
Has anyone successfully reproduced Microsoft SharePoint XXE (CVE-2024-30043)? I'm stuck here. "file:///localhost\c$/sites/cvetest/poc.xml" doesn't seem to help me get the unrestricted policy. Why is that? Can you give me some advice?
@chudyPB @dustin_childs
May I know the specific version you used to reproduce the vulnerability? I have never been able to reproduce it successfully under 16.0.0.10337. Thank you very much!
@Skyworship2 @sirifu4k1
I just learned that nuclei v3 already supports inserting additional Python code in YAML files🥰, which is really exciting and surprising. I was still stuck in v2 before, haha
@chudyPB @dustin_childs
The dust has settled, and the reason why the reproduction of CVE-2024-30043 failed has been found. I did not update Windows Server. Thank you very much for your selfless and accurate help!
@Tagashy69
In addition, I saw this vulnerability before on DUCTF2023: , so if the question was published before the vulnerability was submitted to CVE, I think it really can’t be called a new vulnerability.