WRITEUP #1804

CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution

Tags: XSS, Websockets, RCE, Arbitrary file write, Path traversal
by @strawp (Iain Wallace)
Program: OnlyOffice
Published: Dec 14, 2022
Added to HackDex: Dec 20, 2022
Read Full Writeup: https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/
RELATED WRITEUPS
Studying 0days: How we hacked Anki, the world's most popular flashcard app
Tags: RCE, Components with known vulnerabilities
We hacked Anki - 0 day exploit from studying someone elses flashcards
Tags: RCE, Components with known vulnerabilities
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
Tags: RCE, Arbitrary file write
Traccar 5 Remote Code Execution Vulnerabilities
Tags: RCE, Unrestricted file upload
From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms
Tags: AI / LLM, AI
