@picar0jsu
picar0jsu / CVE-2023-31871
Created May 18, 2023 15:48
OpenText Documentum Content Server < 23.2 SUID Local Privilege Escalation
[Suggested description]
OpenText Documentum Content Server before 23.2 has a flaw that allows
for privilege escalation from a non-privileged Documentum user to root.
The software comes prepackaged with a root-owned SUID binary,
dm_secure_writer. The binary has security controls in place preventing
creation of a file in a non-owned directory, or as the root user.
However, these controls can be carefully bypassed to allow for an
arbitrary file write as root.
------------------------------------------
picar0jsu / CVE-2022-21371
Last active April 26, 2023 06:59
Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
# Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
# Date: 25/1/2022
# Exploit Author: Jonah Tan (@picar0jsu)
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
# Tested on: Windows Server 2019, WebLogic 12.2.1.3.0, Peoplesoft 8.57.22
# CVE : CVE-2022-21371
# Description
picar0jsu / CVE-2020-13893
Last active December 20, 2022 19:41
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10
[Suggested description]
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage
EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary
web script or HTML via multiple parameters through Unicode
Transformations (Best-fit Mapping), as demonstrated by the full-width
variants of the less-than sign (%EF%BC%9C) and greater-than sign
(%EF%BC%9E).
------------------------------------------