Dec 31, 2022
as a trying to write exploitation for anything and find a use for it in real-world scenarios.
Exploiting such vulnerability for persistence can be a very good scenario, also it can be used with phishing and social engineering.
I wrote the next exploit:
Which generates reverse shell payload for linux and windows, the payload going to be saved in .md (markdown) file and once it’s imported in Notable, automatically it will be executed.
Run the exploit:
python3 CVE-2022-30507Exploit.py linux auto
python3 CVE-2022-30507Exploit.py win auto
Exploiting such applications on the end user's machine it’s a really interesting topic, and it can take us to very deep research to discover new ways of exploiting and hacking end user's machines through such applications.
This is version one of the exploitation.
We are currently developing version two which will import the payload file in the application automatically, and that will give us even more advanced persistence.
#exploit #cve #vulnerability #persistence #redteam #CVE-2022-30507
CVE-2023–23752: Joomla Unauthorized Access VulnerabilityMohammad Hussam Alzeyyat March 24, 2023
Apache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891)Mudassar Zafar March 22, 2023
CVE-2022-44666: Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerabilityj00sean (https://twitter.com/j00sean) March 01, 2023
KeePass Passwords Theft CVE-2023-240550Youssef Muhammad March 01, 2023
CVE-2022–44267: Denial Of Service in ImageMagickMohammad Hussam Alzeyyat February 28, 2023