Mar 21, 2021

Busy Weeks for PoC

Many PoCs for old vulnerabilities have been released in the past few weeks. Here are a few that hopefully we all still remember. :)

March 12 - Spectre PoC released

The Spectre vulnerability (disclosed in Jan 2018) makes use of a class of processor (CPU) design vulnerabilities that allow an attacker to change the intended program control flow.

  • https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html
  • https://leaky.page/
  • https://github.com/google/security-research-pocs/tree/master/spectre.js
  • https://www.youtube.com/watch?v=V_9cQP60ZGI&t=2s

March 12 - Ghostcat (PoC for CVE-2020-1938)

Vulnerable versions of Apache Tomcat shipped with an AJP Connector that was enabled by default and listened on all configured IP addresses. It was expected that this Connector would be disabled if not required.

  • https://0day.today/exploits/34028
  • https://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC
  • Ghostcat (rapid7.com)
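For reference, here is an added server.xml fragment (not from the original post or from the Tomcat project) that puts the default AJP Connector described above next to a hardened form. The `address`, `secretRequired` and `secret` attributes are Tomcat's own Connector attributes; the secret value is a placeholder.

```xml
<!-- Weak default before the fix: AJP enabled, bound to every interface,
     no shared secret, so anything that can reach TCP/8009 can speak AJP. -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

<!-- Hardened form. Best option: delete or comment out the Connector
     entirely when nothing (e.g. httpd mod_jk / mod_proxy_ajp) needs AJP.
     If it is needed, bind it to loopback and require a shared secret
     that the reverse proxy must send with every request. -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
           address="127.0.0.1"
           secretRequired="true"
           secret="REPLACE_WITH_LONG_RANDOM_SECRET" />
```

Patched Tomcat releases default `address` to loopback and `secretRequired` to `true`, and refuse to start an AJP Connector that requires a secret but has none configured, so an instance that still listens on 0.0.0.0:8009 is a sign the upgrade or config change has not landed.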

March 3 - MS Exchange Server PoC released

CVE-2021-24085 is a Microsoft Exchange Server spoofing vulnerability released as part of Microsoft’s February Patch Tuesday advisories. The vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Exchange Server; successful exploitation requires authentication and user interaction (visiting a malicious page). Security research shows that a public proof-of-concept exploit has been available since February 15, 2021.

  • https://github.com/sourceincite/CVE-2021-24085

March 2 - VMware vCenter Server (CVE-2021-21972) PoC released

There are at least 4 proof-of-concept (PoC) exploits publicly available. vCenter Server customers who have not patched and who have vCenter exposed to the internet should strongly consider conducting incident response investigations. Starting from March 2, in-the-wild exploitation has been confirmed, delivering web shells and malware.

Feb 23 - WebLogic

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).

  • https://github.com/jas502n/CVE-2020-14882
  • https://github.com/projectdiscovery/nuclei-templates/pull/599/commits/b175c2117cdf50765f547eda42e5d48650ef1b6b
  • https://github.com/foospidy/web-cve-tests
  • https://www.youtube.com/watch?v=t-sxvcZNFZo&feature=youtu.be
  • https://github.com/wsfengfan/cve-2020-14882
  • https://github.com/pprietosanchez/CVE-2020-14750
  • https://github.com/corelight/CVE-2020-14882-weblogicRCE
  • https://www.rapid7.com/db/modules/exploit/multi/http/weblogic_admin_handle_rce/