NosirrahSec 🏴☠️ (nosirrahsec@infosec.exchange)'s status on Wednesday, 24-Jan-2024 08:41:16 JST NosirrahSec 🏴☠️
da_667 (da_667@infosec.exchange)'s status on Wednesday, 24-Jan-2024 08:41:17 JST da_667
GoAnywhere MFT #CVE_2024_0204 is... path traversal.
[bullshitpath]/..;/wizard/InitialAccountSetup.xhtml re-runs the initial setup wizard, and lets attackers create their own admin account.
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
Kevin Beaumont repeated this.
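
For defenders, a log check for the request shape described in the post above. This is an added example, not part of the original post or the linked write-up; the log format (Apache-style combined), the sample lines and the names `scan`, `normalize` and `has_semicolon_traversal` are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines; addresses, prefixes and sizes are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [24/Jan/2024:08:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [24/Jan/2024:08:00:05 +0000] "GET /x/..;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 200 8311
203.0.113.9 - - [24/Jan/2024:08:00:09 +0000] "POST /x/%2e%2e%3b/wizard/InitialAccountSetup.xhtml HTTP/1.1" 302 0
198.51.100.7 - - [24/Jan/2024:08:01:00 +0000] "GET /wizard/InitialAccountSetup.xhtml HTTP/1.1" 302 0
192.0.2.44 - - [24/Jan/2024:08:02:00 +0000] "GET /docs/..;/help/index.xhtml HTTP/1.1" 404 0
""".splitlines()

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
WIZARD = "initialaccountsetup.xhtml"

def normalize(raw_path, rounds=3):
    """Drop the query string, percent-decode repeatedly (double encoding), lowercase."""
    path = raw_path.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()

def has_semicolon_traversal(path):
    """True if any segment is '..' carrying a ';' path parameter, e.g. '..;'."""
    return any(";" in seg and seg.split(";", 1)[0] == ".." for seg in path.split("/"))

def scan(lines):
    """Return (client, method, status, kind) for every request using a '..;' segment."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, method, raw_path, status = m.groups()
        path = normalize(raw_path)
        if not has_semicolon_traversal(path):
            continue  # a direct wizard request without '..;' is not flagged here
        kind = "wizard-via-traversal" if WIZARD in path else "semicolon-traversal"
        hits.append((client, method, int(status), kind))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A `wizard-via-traversal` hit warrants a review of the admin user list for accounts created around that timestamp.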