{"vulnerability": "cve-2022-20126", "sightings": [{"uuid": "e2a2f0f2-6726-42eb-88ac-dd106661d4bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20126", "type": "seen", "source": "https://t.me/cibsecurity/44498", "content": "\u203c CVE-2022-20126 \u203c\n\nIn setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T16:20:27.000000Z"}, {"uuid": "d4faff50-8f32-4608-8d3c-063bdf0c8e7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20126", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2759", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nTracer\n\nFeatures:\n\u25ab\ufe0f 170+ sites that are checked\n\u25ab\ufe0f Filter websites based on their domain or category\n\u25ab\ufe0f Limit the pool of sites that will be checked\n\u25ab\ufe0f Save the result of each check in a report file\n\u25ab\ufe0f Open successful results in your browser\n\u25ab\ufe0f Customizability:\n\u25ab\ufe0f Use the included config file to change the behavior of Tracer\n\u25ab\ufe0f Easy to use\n\nhttps://github.com/chr3st5an/tracer\n\n\u200b\u200bxsser\n\nCross Site \"Scripter\" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.\n\nIt provides several options to try to bypass certain filters and various special techniques for code injection.\n\nXSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:\n\n\u25ab\ufe0f PHP-IDS\n\u25ab\ufe0f Imperva Incapsula WAF\n\u25ab\ufe0f WebKnight WAF\n\u25ab\ufe0f F5 Big IP WAF\n\u25ab\ufe0f Barracuda WAF\n\u25ab\ufe0f Mod-Security\n\u25ab\ufe0f QuickDefense\n\u25ab\ufe0f SucuriWAF \n\u25ab\ufe0f Google Chrome\n\u25ab\ufe0f Internet Explorer\n\u25ab\ufe0f Mozilla's Gecko rendering engine, used by Firefox/Iceweasel\n\u25ab\ufe0f Netscape in IE rendering engine mode\n\u25ab\ufe0f Netscape in the Gecko rendering engine mode\n\u25ab\ufe0f Opera Browser\n\nhttps://github.com/epsylon/xsser\n\nWebsite:\nhttps://xsser.03c8.net/\n\n\u200b\u200bOpenWRTInvasion\n\nRoot shell exploit for several Xiaomi routers: 4A Gigabit, 4A 100M, 4C, 3Gv2, 4Q, miWifi 3C...\n\nhttps://github.com/acecilia/OpenWRTInvasion\n\n\u200b\u200bMitra\n\nA tool to generate binary polyglots (files that are valid with several file formats).\n\nhttps://github.com/corkami/mitra\n\n\u200b\u200bCVE-2022-20126\n\nhttps://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126\n\n\u200b\u200bModules\n\nOpen sourced the \"assembly execute\" and \"powerpick\" module/command. Have fun.\n\nhttps://github.com/HavocFramework/Modules\n\n\u200b\u200bMinimalistic TCP and UDP port scanners\n\nA simple yet powerful TCP and UDP port scanners:\n\n\u25ab\ufe0f Detection of open, closed and filtered ports (both TCP and UDP)\n\u25ab\ufe0f Ability to scan a single host, network range or a list of hosts in a file\n\u25ab\ufe0f Adjustable timeout values for effective and reliable port scanning\n\nDespite the minimalistic design, both port scanners keep track of everything by using a simple state file (scanresults.txt) which is created in the current working directory. \n\nhttps://github.com/InfosecMatter/Minimalistic-offensive-security-tools\n\nDetails:\nhttps://www.infosecmatter.com/port-scanner-in-powershell-tcp-udp-ps1/\n\n\u200b\u200bontgo403\n\nA tool to bypass 40X errors.\n\nhttps://github.com/devploit/dontgo403\n\n\u200b\u200bCVE-2022-31188\n\nOpenCV CVAT (Computer Vision Annotation Tool) SSRF.\n\nCVAT is an open source Computer Vision Annotation Tool developed by Intel. Any user with \"Task Create\" authorization can trigger the SSRF vulnerability by sending a malicious HTTP request and gaining access to other open ports on the system.\n\nhttps://github.com/emirpolatt/CVE-2022-31188\n\n#cve\n\n\u200b\u200bRUST_SYSCALLS\n\nSingle stub direct and indirect syscalling with runtime SSN resolving for windows.\n\nFeatures:\n\u25ab\ufe0f One single line for all your syscalls\n\u25ab\ufe0f Function name hashing at compilation time\n\u25ab\ufe0f Direct or indirect sycalls\n\u25ab\ufe0f x86_64, WOW64 and x86 native support\n\u25ab\ufe0f Designed to allow the implementation of custom SSN fetching methods (check the end of this readme for more info)\n\nhttps://github.com/janoglezcampos/rust_syscalls\n\n\u200b\u200bCVE-2022-22629 Proof of concept\n\nThis post is about the poc for the WebGL bug that was patched in Safari 15.4 security updates.\n\nhttps://github.com/parsdefense/CVE-2022-22629\n\n#cve\n\n\u200b\u200bTcbElevation.cpp\n\nWe are releasing an alternative way for elevating to SYSTEM when you have SeTcbPrivilege\n\nHow?\n\nLeveraging AcquireCredentialsHandle through an SSPI hook that allows authenticating as SYSTEM to SCM\n\nShould be \"lighter\" than the classic S4U\n\nhttps://gist.github.com/antonioCoco/19563adef860614b56d010d92e67d178\n\n\u200b\u200bJava-Deserialization-Cheat-Sheet\n\nA cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.\n\nhttps://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org", "creation_timestamp": "2023-03-29T08:59:52.000000Z"}, {"uuid": "96aaeb09-077e-48ee-bfbc-23e4ce7308c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20126", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2826", "content": "\u200b\u200bEasyPen\n\nA GUI program which helps pentesters do information gathering, vulnerability scan and exploitation.\n\nIt has more than 100 built-in scan scripts written in Python which covers most common vulnerabilities while at the same time it provides you some extra exploitation tools.\n\nYou can easily write your own python script and apply the scan for thousands of targets.\n\nhttps://github.com/lijiejie/EasyPen\n\n\u200b\u200bOpenWRTInvasion\n\nRoot shell exploit for several Xiaomi routers: 4A Gigabit, 4A 100M, 4C, 3Gv2, 4Q, miWifi 3C...\n\nhttps://github.com/acecilia/OpenWRTInvasion\n\n#exploit\n\n\u200b\u200bMitra\n\nA tool to generate binary polyglots (files that are valid with several file formats).\n\nhttps://github.com/corkami/mitra\n\n\u200b\u200bHeadless Strike\n\nAggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.\n\nhttps://github.com/CodeXTF2/cobaltstrike-headless\n\n\u200b\u200bCVE-2022-20126\n\nhttps://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126\n\n#cve\n\n\u200b\u200bcURL for OSINT\n\ncURL Tool usage (with Grep) for OSINT (Open-Source Intelligence)\n\nhttps://github.com/C3n7ral051nt4g3ncy/cURL_for_OSINT\n\n\u200b\u200btargetedKerberoast\n\nKerberoast with ACL abuse capabilities.\n\nA Python script that can, like many others (e.g. GetUserSPNs.py), print \"kerberoast\" hashes for user accounts that have a SPN set. This tool brings the following additional feature: for each user without SPNs, it tries to set one (abuse of a write permission on the servicePrincipalName attribute), print the \"kerberoast\" hash, and delete the temporary SPN set for that operation. This is called targeted Kerberoasting. This tool can be used against all users of a domain, or supplied in a list, or one user supplied in the CLI.\n\nMore information about this attack:\nThe Hacker Recipes - Kerberoast\nThe Hacker Recipes - Targeted Kerberoasting\n\nhttps://github.com/ShutdownRepo/targetedKerberoast\n\n\u200b\u200bModules\n\nOpen sourced the \"assembly execute\" and \"powerpick\" module/command. Have fun.\n\nhttps://github.com/HavocFramework/Modules\n\n\u200b\u200bMinimalistic TCP and UDP port scanners\n\nA simple yet powerful TCP and UDP port scanners:\n\n\u25ab\ufe0f Detection of open, closed and filtered ports (both TCP and UDP)\n\u25ab\ufe0f Ability to scan a single host, network range or a list of hosts in a file\n\u25ab\ufe0f Adjustable timeout values for effective and reliable port scanning\n\nDespite the minimalistic design, both port scanners keep track of everything by using a simple state file (scanresults.txt) which is created in the current working directory. This allows the scanners to be easily resumed if they were interrupted or to skip already scanned hosts / ports.\n\nhttps://github.com/InfosecMatter/Minimalistic-offensive-security-tools\n\nDetails:\nhttps://www.infosecmatter.com/port-scanner-in-powershell-tcp-udp-ps1/\n\n#InsoSec #cybersec \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-04-02T11:47:21.000000Z"}, {"uuid": "cdcefd9c-065f-445b-ad79-02103f0893f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20126", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/6767", "content": "#exploit\n1. CVE-2022-20126:\nhttps://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126\n\n2. Riding the InfoRail to Exploit Ivanti Avalanche\nhttps://www.zerodayinitiative.com/blog/2022/9/7/riding-the-inforail-to-exploit-ivanti-avalanche-part-2\n\n3. Root shell exploit for several Xiaomi routers:\n4A Gigabit, 4A 100M, 4C, 3Gv2, 4Q, miWifi 3C\nhttps://github.com/acecilia/OpenWRTInvasion", "creation_timestamp": "2023-10-13T01:57:42.000000Z"}]}