@wwwziziyu
Created October 11, 2023 01:05
CVE-2023-40829 POC introduction
⬤ The cveform.mitre.org "Vulnerability Type" field was set to: Incorrect Access Control
⬤ The cveform.mitre.org "Affected Component" field was set to: Sensitive information can lead to the full amount of enterprise wechat data being obtained, file acquisition, and the use of enterprise wechat light application to send phishing files and links to internal forces
⬤ The cveform.mitre.org "Attack Type" field was set to: Remote
⬤ The cveform.mitre.org "Impact Information Disclosure" field was set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: POC:XXX.com/cgi-bin/gateway/agentinfo
⬤ The cveform.mitre.org "Discoverer" field was set to: eziyu
⬤ The cveform.mitre.org "Reference" field was set to: http://enterprise.com http://tencent.com
⬤ The cveform.mitre.org "Vendor of Product" field was set to: tencent
⬤ The cveform.mitre.org "Affected Product Code Base" field was set to: Enterprise wechat Privatized enterprise wechat
⬤ The cveform.mitre.org "Suggested description" field was set to: There is an interface unauthorized access vulnerability in the background of Enterprise Wechat Privatization 2.5.x and 2.6.930000