as a trying to write exploitation for anything and find a use for it in real-world scenarios.
Exploiting such a vulnerability for persistence can be a very good scenario; it can also be used with phishing and social engineering.
I wrote the following exploit:
https://github.com/mhzcyber/CVE-Analysis/blob/main/CVE-2022-30507/CVE-2022-30507Exploit.py
It generates a reverse shell payload for Linux and Windows. The payload is saved in a .md (Markdown) file, and once it is imported into Notable, it is executed automatically.
Run the exploit:
python3 CVE-2022-30507Exploit.py
python3 CVE-2022-30507Exploit.py linux auto
python3 CVE-2022-30507Exploit.py win auto
Linux:
Windows:
Exploiting such applications on the end user's machine is a really interesting topic, and it can lead to very deep research into new ways of exploiting and hacking end users' machines through such applications.
This is version one of the exploitation.
We are currently developing version two, which will import the payload file into the application automatically, and that will give us even more advanced persistence.
#exploit #cve #vulnerability #persistence #redteam #CVE-2022-30507