This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

Last update: Dec 26, 2022

Overview

CVE-2022-21907

Description

This repository detects a system vulnerable to CVE-2022-21907 (CVSS:3.1 9.8), protects against this vulnerability if desired and exploit it with python and powershell (a payload is available). I offer 2 powershell codes in 1 line.

Codes

Only detect

$ErrorActionPreference="SilentlyContinue";$_=($(Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport).EnableTrailerSupport -or $(Write-Host "Not vulnerable to CVE-2022-2190")) -and $(Write-Host "$env:computername vulnerable to CVE-2022-2190 !")

$ErrorActionPreference="SilentlyContinue";$key=Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport;if($key -AND $key.EnableTrailerSupport -ne 0){echo "$env:computername vulnerable to CVE-2022-2190 !"}else{echo "Not vulnerable to CVE-2022-2190"}

With protection

Run these scripts as administrator to protect your computer/server.

$ErrorActionPreference="SilentlyContinue";$_=($(Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport).EnableTrailerSupport -or $(Write-Host "Not vulnerable to CVE-2022-2190")) -and ($(Write-Host "$env:computername vulnerable to CVE-2022-2190 ! Change EnableTrailerSupport value to 0") -or $(Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport -Value 0))

$ErrorActionPreference="SilentlyContinue";$key=Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport;if($key -AND $key.EnableTrailerSupport -ne 0){echo "$env:computername vulnerable to CVE-2022-2190 ! Change EnableTrailerSupport value to 0";Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport -Value 0}else{echo "Not vulnerable to CVE-2022-2190"}

Exploit

AAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&AA&**AAAAAAAAAAAAAAAAAAAA**A,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAA,****************************AAAAAA, *, ,

Sources

Microsoft

Licence

Licensed under the GPL, version 3.

You might also like...

CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s

2 Feb 15, 2022

😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

25 Oct 14, 2022

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

431 Dec 22, 2022

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

43 Nov 9, 2022

Mass Check Vulnerable Log4j CVE-2021-44228

Log4j-CVE-2021-44228 Mass Check Vulnerable Log4j CVE-2021-44228 Introduction Actually I just checked via Vulnerable Application from https://github.co

6 Dec 28, 2022

Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

8 Feb 27, 2022

CVE-2022-22965 - CVE-2010-1622 redux

CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la

20 Aug 25, 2022

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

108 Dec 4, 2021

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

165 Dec 21, 2022

This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

Related tags

Overview

CVE-2022-21907

Description

Codes

Only detect

With protection

Exploit

Sources

Licence

You might also like...

CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

Mass Check Vulnerable Log4j CVE-2021-44228

Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

CVE-2022-22965 - CVE-2010-1622 redux

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Releases(v1.0.0)

v1.0.0(Mar 5, 2022)

Owner

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

LeLeLe: A tool to simplify the application of Lattice attacks.

Tool-X is a kali linux hacking Tool installer.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

log4j-tools: CVE-2021-44228 poses a serious threat to a wide range of Java-based applications

Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Workshop Material on VM-based Deobfuscation

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

Lazarus analysis tools and research report

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

Script Crack Facebook Premium 🚶‍♂

CodeTest信息收集和漏洞利用工具

How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

Buffer Overflow para SLmail5.5 32 bits

CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

A signature parser for hikari's command handler tanjun.

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭