CVE-2020-13942

Published: 24/11/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.

Vulnerable Product

apache unomi

Github Repositories

CVE-2020-13942 unauthenticated RCE POC through MVEL and OGNL injection

CVE-2020-13942 POC by Eugene Rojavski. Original blog post about the vulnerability: www.checkmarx.com/blog/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/ There are two RCE vectors: through MVEL injection and through OGNL injection. Both vectors target different code, though the payloads look relatively similar. The previous CVE fix nvdn

CVE-2020-13942 POC + Automation Script

CVE-2020-13942 POC + Automation Script. Steps: Step 1: Enumerate all target subdomains for your fav bug bounty program. Step 2: Put them in the targets.txt file. Step 3: Run the script. Step 4: If you find a vulnerable target, don't forget to mention me :)

CVE-2020-13942: Run httpx or httprobe on the targets before using the script. USAGE: ./CVE-2020-13942.sh target.txt Credit: This script was made from Rohit Gautam's repo.

CVE-2020-13942 Apache Unomi remote code execution vulnerability script getshell

CVE-2020-13942 Apache Unomi remote code execution vulnerability script. Vulnerability overview: Apache Unomi is a Java open-source data platform, a Java server designed to manage customer, prospect and visitor data and to help personalize the customer experience. Unomi can be used to integrate personalization and profile man

Collection of exploits that were verified by an automated system

Collection of exploits that were verified by an automated system (it monitors different honeypots and feeds for new/potential exploits). The results are optimized Python modules that can be integrated into your vulnerability intelligence scanner. Current exploits: Critical CVE-2020-14882 Oracle WebLogic Server Under Active Exploitation (RCE) Possible (+107,539 devices - 2020)

CVE-2020-11975 CVE-2020-13942

Statement: The vulnerability detection methods, files and other content provided here are limited to use by security practitioners who have obtained legal authorization, for the purpose of testing the security of authorized servers. Security practitioners must comply with the law; vulnerability testing of any kind without authorization is prohibited. Introduction. Reference links: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13942 s

CVE-2020-13942 Apache Unomi pre-auth RCE. CVE-2020-13942 exploit: POST /context.json HTTP/1.1 Host: xxxx User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36 SE 2.X MetaSr 1.0 Content-Type: application/json Content-Length: 200 {"filters":[{"id" : "test","filters": [{&qu

Apache Unomi CVE-2020-13942: RCE Vulnerabilities

CVE-2020-13942. Original blog post about the vulnerability: www.checkmarx.com/blog/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/ There are two RCE vectors: through MVEL injection and through OGNL injection. Both vectors target different code, though the payloads look relatively similar. The previous CVE fix nvd.nist.gov/vuln/detail/CVE-2020-11975 tri