Back to directory
WRITEUP #892

Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899 & CVE-2023-36560)

Auth BypassAuthentication bypassPrivilege escalation
by@irsdl(Soroush Dalili)
Program
-
Published
Aug 8, 2023
Added to HackDex
Jan 18, 2024
Read Full Writeuphttps://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/
RELATED WRITEUPS
Vulnerabilities in Open Source C2 Frameworks
RCEOS command injection
Breaking the Barrier: Admin Panel Takeover Worth $3500
Auth BypassAuthentication bypass
SAML Authentication Bypass Leading to Admin Panel Access
Auth BypassSAML
Breaking Down Barriers: Exploiting Authenticated IPC Clients
Auth BypassIPC client
Escalating From Reader To Contributor In Azure API Management
Privilege Escalation

Built with ❤️ by Shubham Rawat