AWAE/OSWE
Preparation for coming AWAE Training.
Work in progress...
2016 Material (31GBs)
Facebook discuss group
Course syllabus
Other resource
Burpsuite how to?
Common web vulnerabilities
Atmail Mail Server Appliance: from XSS to RCE (6.4) CVE-2012-2593
- https://www.exploit-db.com/exploits/20009
- https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py
ATutor Authentication Bypass and RCE (2.2.1) CVE-2016-2555
- Install: https://sourceforge.net/projects/atutor/files/atutor_2_2_1/
- https://www.exploit-db.com/exploits/39514
ATutor LMS Type Juggling Vulnerability (<=2.2.1) CVE-?
- Install: https://sourceforge.net/projects/atutor/files/atutor_2_2_1/
- https://srcincite.io/advisories/src-2016-0012/
- https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py
- Reference: PHP Type Juggling
ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE CVE-?
- Install: http://archives.manageengine.com/applications_manager/13720/
- https://manageenginesales.co.uk/2018/05/manageengine-applications-manager-build-13730-released/
Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability (1.5.1) CVE-2014-7205
- Install: npm install bassmaster@1.5.1
- https://www.npmjs.com/package/bassmaster
- https://www.rapid7.com/db/modules/exploit/multi/http/bassmaster_js_injection
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/bassmaster_js_injection.rb
- https://www.exploit-db.com/exploits/40689