CVE-2022-22845 PoC — Homer WebApp 信任管理问题漏洞

Source

https://github.com/OmriBaso/CVE-2022-22845-Exploit

Associated Vulnerability

Title:Homer WebApp 信任管理问题漏洞 (CVE-2022-22845)
Description:Homer WebApp是荷兰Sipcapture开源的一个托管 Homer-AppHep/Homer 7.7+ 堆栈的 Go Web 应用程序。 Homer WebApp 7.x 的 1.4.28 之前存在安全漏洞，该漏洞源于 QXIP SIPCAPTURE homer-app 在不同客户的安装中具有相同的 167f0db2-f83e-4baa-9736-d56064a5b415 JWT 密钥。

Description

Exploit for CVE-2022-22845 - Unauthenticated Admin Takeover On QXIP SIPCAPTURE Homer-App up to 1.4.27

Readme

# CVE-2022-22845-Exploit
Exploit for CVE-2022-22845 - Unauthenticated Admin Takeover On QXIP SIPCAPTURE Homer-App up to 1.4.27

##### Discovery: Omri Baso & Fabien Aunay
##### Exploit Author: Omri Baso

File Snapshot


 [4.0K]  /data/pocs/7f60c608f27874963c482894d5cd408056dbe608
├── [ 18K]  LICENSE
├── [ 203]  README.md
└── [2.3K]  Unauthenticated_admin_access.py

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!