AWAE/OSWE
April 8, 2020 ยท View on GitHub
Preparation for coming AWAE Training.
Work in progress...
2016 Material (31GBs)
Facebook discuss group
Course syllabus
Other resource
Burpsuite how to?
Common web vulnerabilities
Atmail Mail Server Appliance: from XSS to RCE (6.4) CVE-2012-2593
- https://www.exploit-db.com/exploits/20009
- https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py
ATutor Authentication Bypass and RCE (2.2.1) CVE-2016-2555
- Install: https://sourceforge.net/projects/atutor/files/atutor_2_2_1/
- https://www.exploit-db.com/exploits/39514
ATutor LMS Type Juggling Vulnerability (<=2.2.1) CVE-?
- Install: https://sourceforge.net/projects/atutor/files/atutor_2_2_1/
- https://srcincite.io/advisories/src-2016-0012/
- https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py
- Reference: PHP Type Juggling
ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE CVE-?
- Install: http://archives.manageengine.com/applications_manager/13720/
- https://manageenginesales.co.uk/2018/05/manageengine-applications-manager-build-13730-released/
Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability (1.5.1) CVE-2014-7205
- Install: npm install bassmaster@1.5.1
- https://www.npmjs.com/package/bassmaster
- https://www.rapid7.com/db/modules/exploit/multi/http/bassmaster_js_injection
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/bassmaster_js_injection.rb
- https://www.exploit-db.com/exploits/40689
DotNetNuke Cookie Deserialization RCE (<9.1.1) CVE-2017-9822
- Install: https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v9.1.0
- https://gist.github.com/pwntester/72f76441901c91b25ee7922df5a8a9e4
- https://paper.seebug.org/365/
- https://www.youtube.com/watch?v=oUAeWhW5b8c
- https://vulners.com/seebug/SSV:96326