Back to directory

WRITEUP #524

A christmas tale: pwning GTB Central Console (CVE-2024-22107 & CVE-2024-22108)

SQL InjectionDLP softwareOS command injectionRCESecurity code review

by@TheXC3LL(X-C3LL)

Program

GTB Technologies

Published

Jan 23, 2024

Added to HackDex

Feb 1, 2024

Read Full Writeuphttps://adepts.of0x.cc/gtbcc-pwned/

▸ RELATED WRITEUPS

Exploiting authorization by nonce in WordPress plugins

RCEArbitrary file upload

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

Spip Preauth RCE 2024: Part 2, A Big Upload

Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670

SQL InjectionReverse engineering

Built with ❤️ by Shubham Rawat