This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

Last update: Dec 26, 2022

Overview

CVE-2022-21907

Description

This repository detects a system vulnerable to CVE-2022-21907 (CVSS:3.1 9.8), protects against this vulnerability if desired and exploit it with python and powershell (a payload is available). I offer 2 powershell codes in 1 line.

Codes

Only detect

$ErrorActionPreference="SilentlyContinue";$_=($(Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport).EnableTrailerSupport -or $(Write-Host "Not vulnerable to CVE-2022-2190")) -and $(Write-Host "$env:computername vulnerable to CVE-2022-2190 !")

$ErrorActionPreference="SilentlyContinue";$key=Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport;if($key -AND $key.EnableTrailerSupport -ne 0){echo "$env:computername vulnerable to CVE-2022-2190 !"}else{echo "Not vulnerable to CVE-2022-2190"}

With protection

Run these scripts as administrator to protect your computer/server.

$ErrorActionPreference="SilentlyContinue";$_=($(Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport).EnableTrailerSupport -or $(Write-Host "Not vulnerable to CVE-2022-2190")) -and ($(Write-Host "$env:computername vulnerable to CVE-2022-2190 ! Change EnableTrailerSupport value to 0") -or $(Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport -Value 0))

$ErrorActionPreference="SilentlyContinue";$key=Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport;if($key -AND $key.EnableTrailerSupport -ne 0){echo "$env:computername vulnerable to CVE-2022-2190 ! Change EnableTrailerSupport value to 0";Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport -Value 0}else{echo "Not vulnerable to CVE-2022-2190"}

Exploit

AAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&AA&**AAAAAAAAAAAAAAAAAAAA**A,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAA,****************************AAAAAA, *, ,

Sources

Microsoft

Licence

Licensed under the GPL, version 3.

You might also like...

CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s

2 Feb 15, 2022

😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

25 Oct 14, 2022

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

431 Dec 22, 2022

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

43 Nov 9, 2022

Mass Check Vulnerable Log4j CVE-2021-44228

Log4j-CVE-2021-44228 Mass Check Vulnerable Log4j CVE-2021-44228 Introduction Actually I just checked via Vulnerable Application from https://github.co

6 Dec 28, 2022

Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

8 Feb 27, 2022

CVE-2022-22965 - CVE-2010-1622 redux

CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la

20 Aug 25, 2022

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

108 Dec 4, 2021

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

165 Dec 21, 2022

This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

Related tags

Overview

CVE-2022-21907

Description

Codes

Only detect

With protection

Exploit

Sources

Licence

You might also like...

CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

Mass Check Vulnerable Log4j CVE-2021-44228

Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

CVE-2022-22965 - CVE-2010-1622 redux

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Releases(v1.0.0)

v1.0.0(Mar 5, 2022)

Owner

Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration.

NExfil is an OSINT tool written in python for finding profiles by username.

A proxy server application written in python for trial purposes

A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

The self-hostable proxy tunnel

A fast sub domain brute tool for pentesters

Shell hunter for AF

RedDrop is a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.

HashDB API hash lookup plugin for IDA Pro

Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions

Ensure secure infrastructure and consistency with the firewall rules

RCE Exploit for Gitlab < 13.9.4

利用NTLM Hash读取Exchange邮件

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Log4jake works by spidering a web application for GET/POST requests

This repository will contain python scripts for hackers and pentesters

Having a weak password is not good for a system that demands high confidentiality and security of user credentials

xkeysnail is yet another keyboard remapping tool for X environment written in Python

Automatic ProxyShell Exploit

Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.