CVE-2021-27928

A Proof of Concept for the CVE-2021-27928 flaw exploitation

CVE-2021-27928 In this repository, you will find a proof of concept of the exploitation of the CVE-2021-27928 flaw through a docker container # Exploit Title: MariaDB 102 /MySQL - 'wsrep_provider' OS Command Execution # Date: 03/18/2021 # Exploit Author: Central InfoSec # Version: MariaDB 102 before 10237, 103 before 10328, 104 bef

HTB Shibboleth Writeup

Shibboleth 101011124 Core Concepts: Enumeration As is tradition we begin with an nmap scan nmap -sV -sC -Pn 101011124 -o nmapshibbolethtxt nmap reveals a port 80 is open meaning we likely have a website Let's add 101011124 shibbolethhtb to /etc/hosts/ and browse to the site If you've read any of my previous wr

CVE-2021-27928 MariaDB/MySQL-'wsrep provider' 命令注入漏洞

Information Exploit Title: MariaDB 102 /MySQL - 'wsrep_provider' OS Command Execution Date: 03/18/2021 Exploit Author: Central InfoSec Version: MariaDB 102 before 10237 103 before 10328 104 before 10418 105 before 1059 Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL Tested on: Linux CVE : CVE-2021-27928

CVE-2021-27928-POC

CVE-2021-27928 POC Description A remote code execution issue was discovered in MariaDB 102 before 10237, 103 before 10328, 104 before 10418, and 105 before 1059; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying

HackTheBox-Shibboleth Enumeration ⛩\> nmap -p- -sV -sC -v -oA enum --min-rate 4500 --max-rtt-timeout 1500ms --open 10xxx Nmap scan report for 10xxx Host is up (036s latency) Not shown: 49325 closed tcp ports (reset), 16209 filtered tcp ports (no-response) Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE VERSION 8

practice box

vulnbox_1 practice box some budget hackthebox THE GENERAL PATH Box 1 (Easy) Public facing wordpress site, vulnerable plugin wwwexploit-dbcom/exploits/39575 (LFI #1) Uses Box 2 mysql in wp-config attacker can find mysql container ip and creds for wordpressuser have a upload directory requiring creds from the LFI Upload webshell (no filter on php files #2) privesc: py

CUC-2023 本项目为CUC-2023 漏洞环境构建及漏洞复现报告。 githubcom/Shenkongyin/CUC-2023 技术与实现 1Python_CVE_2022_28347_Django 该漏洞使用本地IDE自建项目并结合 docker-composeyml 和 Dockerfile构建漏洞集成环境。使用Python编写POC完成漏洞复现。 2PHP_CVE-2019-7580_ThinkCMF 该漏洞使用 docker-composeyml 拉�

시큐어코딩 수업

SecureCoding-Study 시큐어코딩 수업 실습, 이론 C:\SecureCoding 11주차 SQL 삽입공격 -이론- 동적 쿼리 SQL문 사용할때 외부 입력값에 따라 쿼리문에 구조가 바뀌는 취약점을 이용 -피해유형 DB 정보 열람 및 추가 , 삭제 가능 프로시저를 통해 운영체제 명령어 수행 웹 애플리케이션을 조정해 다른 시

CVE-2021-27928 MariaDB/MySQL-'wsrep provider' 命令注入漏洞

Information Exploit Title: MariaDB 102 /MySQL - 'wsrep_provider' OS Command Execution Date: 03/18/2021 Exploit Author: Central InfoSec Version: MariaDB 102 before 10237 103 before 10328 104 before 10418 105 before 1059 Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL Tested on: Linux CVE : CVE-2021-27928

Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

Information Exploit Title: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Date: 01/25/2022 Exploit Author: Qualys Research Team Tested on: ubuntu 20041 LTS CVE ID: CVE-2021-27928 How to Exploit Test Environment： Step 1：build the exp(From githubcom/berdav/CVE-2021-4034) make