{"vulnerability": "cve-2023-3689", "sightings": [{"uuid": "c89f45b5-9b8f-49c4-b1c2-3a10c649c823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4901", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-36899 PoC\nURL\uff1ahttps://github.com/d0rb/CVE-2023-36899\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-11T14:40:00.000000Z"}, {"uuid": "7c37df39-f70d-4793-934e-5bd32dd7b911", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-36895", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1086", "content": "", "creation_timestamp": "2023-08-10T04:00:00.000000Z"}, {"uuid": "7c402c07-5675-41f9-a473-9b9710d74ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4929", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-36899\u6f0f\u6d1e\u7684\u590d\u73b0\u73af\u5883\u548c\u5de5\u5177\uff0c\u9488\u5bf9ASP.NET\u6846\u67b6\u4e2d\u7684\u65e0cookie\u4f1a\u8bdd\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u3002\nURL\uff1ahttps://github.com/midisec/CVE-2023-36899\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-15T23:39:54.000000Z"}, {"uuid": "b5fa1390-3bd7-46ec-9991-3a34efc63981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36895", "type": "seen", "source": "https://t.me/Cyber_Watch_insider/26", "content": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36895", "creation_timestamp": "2023-08-16T02:45:23.000000Z"}, {"uuid": "f7b7c17a-b9a7-4601-ad8b-27fbfbd941b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1015", "content": "CVE-2023-36899 : Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework\nPOC : https://github.com/midisec/CVE-2023-36899\nBlog : https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/\nBy : Soroush Dalili", "creation_timestamp": "2024-02-10T14:19:07.000000Z"}, {"uuid": "0972d4fe-2aed-4880-98f2-6cd575e8b19a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/182", "content": "Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP[.]NET Framework (CVE-2023-36899)\n\n\ud83d\udc64 by Soroush Dalili\n\nIn modern web development, while cookies are the go-to method for transmitting session IDs, the .NET Framework also provides an alternative: encoding the session ID directly in the URL. This method is useful to clients that do not support cookies. \nResearcher identified a strange anomaly when the cookieless pattern was repeated twice. This resulted in two vulnerabilities reported to Microsoft as their impact and the exploitation were different:\n   \u2022 IIS restricted path bypass leading to potential authentication and path-filtration bypass\n   \u2022 Application Pool confusion leading to potential privilege escalations\n\n\ud83d\udcdd Contents:\n\u25cf Introduction\n\u25cf Finding the vulnerability\n\u25cf IIS Restricted Path Bypass\n\u25cf The root cause\n\u25cf Application Pool Confusion\n\nhttps://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/", "creation_timestamp": "2023-08-10T16:18:02.000000Z"}, {"uuid": "cb37439a-7c7b-42eb-a635-6e0f64570134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36896", "type": "seen", "source": "https://t.me/cibsecurity/68022", "content": "\u203c CVE-2023-36896 \u203c\n\nMicrosoft Excel Remote Code Execution Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T22:14:17.000000Z"}, {"uuid": "475e4146-7a7d-4005-baa4-8202a6d6391b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7686", "content": "Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899) | Soroush Dalili (@irsdl) Blog\n\nhttps://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/", "creation_timestamp": "2023-08-21T12:27:19.000000Z"}, {"uuid": "0c940348-75bb-4545-a376-4a0d82aa2471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36894", "type": "seen", "source": "https://t.me/cibsecurity/68040", "content": "\u203c CVE-2023-36894 \u203c\n\nMicrosoft SharePoint Server Information Disclosure Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T22:14:41.000000Z"}, {"uuid": "e0b20681-5525-496c-8b78-876b7a20fc63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36892", "type": "seen", "source": "https://t.me/cibsecurity/68038", "content": "\u203c CVE-2023-36892 \u203c\n\nMicrosoft SharePoint Server Spoofing Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T22:14:39.000000Z"}, {"uuid": "a59dab0c-2f30-4127-a8bd-becf6dd17dcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36893", "type": "seen", "source": "https://t.me/cibsecurity/68036", "content": "\u203c CVE-2023-36893 \u203c\n\nMicrosoft Outlook Spoofing Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T22:14:37.000000Z"}, {"uuid": "a385b749-58b5-41a7-aa3c-7815410660b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8832", "content": "#WebApp_Security\n1. Smashing the state machine:\nthe true potential of web race conditions\nhttps://portswigger.net/research/smashing-the-state-machine\n2. Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP-NET Framework (CVE-2023-36899)\nhttps://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899", "creation_timestamp": "2023-08-12T12:43:01.000000Z"}]}