Dylan Grl DylanGrl

@DylanGrl
DylanGrl / nginx_privesc_sudo.md
Last active January 13, 2024 22:07
nginx privilege escalation - SUDO

Privilege Escalation - NGINX / SUDO

Condition - You must have sudo permission on nginx:

user@host:~$ sudo -l
Matching Defaults entries for user on host:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, use_pty

User user may run the following commands on host:
@DylanGrl
DylanGrl / CVE-2023-26961 - PoC.md
Last active August 3, 2023 12:30
CVE-2023-26961 - PoC

Product: Alteryx

CVE: CVE-2023-26961

Version: (?, 2022.1.1.42590) - Tested on version 2022.1.1.42590

CVSS : 6.5 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

Vulnerability: Stored Cross-site scripting (XSS) – Media

@DylanGrl
DylanGrl / CVE-2022-39833_FileCloud-RCE.md
Last active January 14, 2024 22:28
CVE-2022-39833 - PoC

CVE: CVE-2022-39833 - FileCloud RCE

Information

Product: FileCloud

Version: (, 21.3.5.18513) - Tested on version 21.3.5.18513

CVSS : 9.1 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vulnerability: Remote Code Execution

Vulnerability Description :