Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-41265 PoC — Qlik Sense 环境问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-41265.yaml
Associated Vulnerability
Title:Qlik Sense 环境问题漏洞 (CVE-2023-41265)
Description:Qlik Sense是美国Qlik公司的一个应用程序。允许用户为本地和离线使用创建可视化、图表、交互式仪表板和分析应用程序。 Qlik Sense Enterprise for Windows存在安全漏洞。攻击者利用该漏洞可以提升权限。
Description
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
File Snapshot

 id: CVE-2023-41265

info:
  name: Qlik Sense Enterprise - HTTP Request Smuggling
  author: AdamCross

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.