ATI Update ATI-2022-12

New Protocols & Applications (3)

| Name | Category | Info |
|---|---|---|
| 1688 Mobile May 2022 | Social Networking/Search | 1688 is a popular Chinese online wholesale application. |
| Match May 2022 | Social Networking/Search | Match is an online dating application. |
| Fast May 2022 | System/Network Admin | Fast (or Fast.com) is a single-page web portal that lets the user measure the internet download speed of their PC or mobile device. |

New Superflows (3)

| Name | Category | Tags | Info |
|---|---|---|---|
| 1688 Mobile May 2022 | Social Networking/Search | E-Commerce, ChinaApp, MobileApp, SimulatedTLS | 1688 is a popular Chinese online wholesale application. This is a simulation of 1688 Mobile v10.27.6 in which the user goes to 1688, searches for products and purchases them. |
| Match May 2022 | Social Networking/Search | SimulatedTLS | Match is an online dating application. Profiles of potential matches are displayed to users, who can "like" them to indicate interest. Users can create a profile here, which includes their photo among other details. |
| Fast May 2022 | System/Network Admin | SimulatedTLS | Fast (or Fast.com) is a single-page web portal that lets the user measure the internet download speed of their PC or mobile device. |

New Strikes (4)

| CVSS | ID | References | Category | Info |
|---|---|---|---|---|
| 10.0 | E22-cly51 | CVE-2021-42237, CVSS, CVSSv3, CWE-502, URL, URL | Exploits | This strike exploits an insecure deserialization vulnerability in Sitecore XP. The vulnerability is due to insufficient validation of serialized data sent to Report.ashx. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution within the security context of the user running the vulnerable application. |
| 10.0 | E22-eh941 | CVE-2022-29464, CVSS, CVSSv3, CWE-434, URL | Exploits | This strike exploits a directory traversal vulnerability in WSO2 API Manager. The vulnerability is due to improper sanitization of the multipart form field name on the file upload route. A remote, unauthenticated attacker could exploit the vulnerability by sending crafted HTTP requests to a target server. Successful exploitation can result in an arbitrary file write in the context of the wso2carbon user. |
| 7.2 | E22-ehta1 | CVE-2022-30190, CVSS, CVSSv3, CWE-829, URL, URL, URL | Exploits | This strike exploits a remote code execution vulnerability, AKA Follina, in the Microsoft Support Diagnostic Tool (MSDT) when MSDT is invoked through the URL protocol. The vulnerability is due to the MSDT tool executing arbitrary code. A remote, unauthenticated attacker can trick the victim into downloading a malicious HTML file served by the attacker, which may execute arbitrary code on the victim machine. *NOTE: The link to the malicious file can be embedded in a Word document, which can download the HTML file without any interaction. This vulnerability can also be exploited by invoking any web request command in PowerShell. The strike simulates the latter scenario, in which the client downloads the malicious HTML from the server. |
| 6.8 | E22-ca2y1 | CVE-2021-26858, CVSS, CVSSv3, CWE-23 | Exploits | This strike exploits a path traversal vulnerability affecting Microsoft Exchange Server. The vulnerability is due to insufficient validation of the user-provided path. A remote, authenticated attacker can exploit this vulnerability by sending several crafted requests to the target system. Successful exploitation results in remote code execution under the security context of SYSTEM. |

Enhancements

Component: Apps

Added support for encapsulating DCERPC messages in an SMBv2 flow, along with additional messages. New SMBv2 actions were added. "Write Request DCERPC" takes a JSON file that describes the DCERPC parameters. These parameters are the ones used by our DCERPC implementation, so setting "context:15", for example, is passed to our DCERPC classes, which generate the chosen message type with "context" set to "15". The resulting payload is then packed into a normal "Write Request". An equivalent "Read Response DCERPC" was also added. Finally, "IOCTL Request/Response" actions were added. Users can also set a specific "Session ID" on each message and allow tokens to be used.

For DCERPC itself, instead of a single context with one set of settings, multiple contexts, each with its own settings, are now supported. Wireshark will refuse to decode some of the IOCTL packets (as SVCCTL) unless the DCERPC BIND messages carry these specific contexts and values, so the BIND was expanded to let the user set the number of contexts and their values.