Back to directory
WRITEUP #839

ZeroQlik: Achieving Unauthenticated Remote Code Execution via HTTP Request Tunneling and Path Traversal

RCEPath traversalHTTP request tunnelingHTTP request smugglingSecurity code review
byAdam Crosser
Program
Qlik
Published
Aug 31, 2023
Added to HackDex
Sep 5, 2023
Read Full Writeuphttps://www.praetorian.com/blog/qlik-sense-technical-exploit/
RELATED WRITEUPS
Traccar 5 Remote Code Execution Vulnerabilities
RCEUnrestricted file upload
Path Traversal and Code Execution in CSLA.NET (CVE-2024-28698)
RCEPath traversal
WhatsUp Gold Pre-Auth RCE WriteDataFile Primitive (CVE-2024-4883)
RCEPath traversal
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive (CVE-2024-4885)
RCEPath traversal
Getting code execution on Veeam through CVE-2023-27532
RCEInsecure deserialization

Built with ❤️ by Shubham Rawat