Gonski mbb5546

## columbiasoft-improper-auth.yaml
id: CVE-2023-5830

info:
  name: ColumbiaSoft DocumentLocator - Improper Authentication
  author: Gonski
  severity: critical
  description: |
    Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.
  impact: |
    An attacker could exploit this vulnerability to gain unauthorized access to sensitive information.

## pivoting-notes.md

      
        
          
            
              
              1 file
            
          
          
            
              
              0 forks
            
          
          
            
              
              0 comments
            
          
          
            
              
              0 stars
            
          
        
        
          
              
          
          
            
                mbb5546
                / pivoting-notes.md
            
            
              Created
              January 16, 2024 19:02
            
              
                Pivoting Notes
              
          
        
      
        
  
      
    From Wreath

ReadMe

The method we use to pivot will depend on the OS of the target systems. Metasploit can make pivoting easier which we will learn about in the future.
There are two main methods when it comes to pivoting:

Tunneling/Proxying: creating a proxy connection thru a compromised machine in order to route all desired traffic into the targeted network. This could also be tunneled inside another protocol (SSH tunneling) which can be useful for evading IDS or firewalls
Port forwarding: Creating a connection between a local port and a single port on the target.
	id: CVE-2023-5830

	info:
	name: ColumbiaSoft DocumentLocator - Improper Authentication
	author: Gonski
	severity: critical
	description: \|
	Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.
	impact: \|
	An attacker could exploit this vulnerability to gain unauthorized access to sensitive information.