CVE-2022-22909

Published: 03/03/2022 Updated: 09/03/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

HotelDruid v3.0.3 contains a remote code execution (RCE) vulnerability, which an attacker exploits by inserting a crafted payload into the name field under the Create New Room module.

Vulnerable Product

digitaldruid hoteldruid 3.0.3

Vendor Advisories

Debian Bug report logs - #1006750: hoteldruid: CVE-2022-22909 - remote code execution vulnerability in Create New Room module v3.0.3. Package: src:hoteldruid; Maintainer for src:hoteldruid is Marco Maria Francesco De Santis <marco@digitaldruid.net>; Reported by: Neil Williams <codehelp@debian.org>; Date: Fri, 4 Mar 2022 ...

Exploits

Hotel Druid version 3.0.3 suffers from a remote code execution vulnerability ...

Github Repositories

Hotel Druid 3.0.3 Code Injection to Remote Code Execution

CVE-2022-22909. Description: A Code Injection vulnerability has been found on the Hotel Druid v3.0.3 application, which an attacker could exploit to execute remote code on the server. For a successful exploitation, an attacker should have the privilege to add a new room. Vulnerability description: The vulnerability occurs because room names are getting stored inside a file named /

Exploits for Hotel Druid 3.0.3 - Remote Code Execution (RCE) CVE-2022-22909

CVE-2022-22909: Hotel Druid 3.0.3 - Remote Code Execution (RCE). Exploit by kaal. Exploits: HotelDruidExploit.py: This Exploit will create new room with our PHP payload as a room name. Usage: $ ./HotelDruidExploit.py -h $ ./HotelDruidExploit.py -u 127.0.0.1/hoteldruid HotelDruidExploitRoom.py: This Exploit will work if you already know the Room name. Usage: $ ./Hote

TryHackMe HotelKiosk Official Writeup. I created the HotelKiosk box on TryHackMe to highlight my first two CVEs (CVE-2021-42949 and CVE-2021-42948), found from inspiration through TheMayor's blog post "I Was Bored One Night and Found Two CVEs". I also drew inspiration from John Hammond's Kiosk Breakout YouTube series where he covers the setup and escape of Windows native