# AWAE/OSWE

Preparation for the upcoming AWAE training.
Work in progress...

## Atmail Mail Server Appliance: from XSS to RCE (6.4) CVE-2012-2593
- https://www.exploit-db.com/exploits/20009
- https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py

## ATutor Authentication Bypass and RCE (2.2.1) CVE-2016-2555
- Install: https://sourceforge.net/projects/atutor/files/atutor_2_2_1/
- https://www.exploit-db.com/exploits/39514
- https://srcincite.io/advisories/src-2016-0009/
- https://www.exploit-db.com/exploits/39639
- https://github.com/atutor/ATutor/commit/d74f1177cfa92ed8e49aa65f724f308b4a3ac5b9

## ATutor LMS Type Juggling Vulnerability (<=2.2.1) CVE-?
- Install: https://sourceforge.net/projects/atutor/files/atutor_2_2_1/
- https://srcincite.io/advisories/src-2016-0012/
- https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py
- https://github.com/atutor/ATutor/commit/2eed42a74454355eddc7fc119e67af40dba1a94c
- Reference: PHP Type Juggling
  - https://www.youtube.com/watch?v=ASYuK01H3Po
  - https://www.netsparker.com/blog/web-security/type-juggling-authentication-bypass-cms-made-simple/

## ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE CVE-?
- Install: http://archives.manageengine.com/applications_manager/12900
- https://manageenginesales.co.uk/2018/05/manageengine-applications-manager-build-13730-released/
- https://www.postgresql.org/docs/9.4/functions-binarystring.html
- https://www.mulesoft.com/tcat/tomcat-jsp
- Extra: Deserialization Vulnerability
  - https://www.geeksforgeeks.org/serialization-in-java/
  - https://github.com/frohoff/ysoserial
  - https://blog.jamesotten.com/post/applications-manager-rce/
  - https://www.scaler.com/topics/java/serialization-in-java/

## Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability (1.5.1) CVE-2014-7205
- Install: `npm install bassmaster@1.5.1`
- https://www.npmjs.com/package/bassmaster
- https://www.rapid7.com/db/modules/exploit/multi/http/bassmaster_js_injection
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/bassmaster_js_injection.rb
- https://www.exploit-db.com/exploits/40689
- https://vulners.com/nodejs/NODEJS:337

## DotNetNuke Cookie Deserialization RCE (<9.1.1) CVE-2017-9822
- Install: https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v9.1.0
- https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf
- https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf
- https://gist.github.com/pwntester/72f76441901c91b25ee7922df5a8a9e4
- https://paper.seebug.org/365/
- https://www.youtube.com/watch?v=oUAeWhW5b8c
- https://vulners.com/seebug/SSV:96326
- https://www.slideshare.net/MSbluehat/dangerous-contents-securing-net-deserialization
- https://www.exploit-db.com/docs/english/44756-deserialization-vulnerability.pdf