This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

Last update: Dec 26, 2022

Overview

CVE-2022-21907

Description

This repository detects a system vulnerable to CVE-2022-21907 (CVSS:3.1 9.8), protects against this vulnerability if desired and exploit it with python and powershell (a payload is available). I offer 2 powershell codes in 1 line.

Codes

Only detect

$ErrorActionPreference="SilentlyContinue";$_=($(Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport).EnableTrailerSupport -or $(Write-Host "Not vulnerable to CVE-2022-2190")) -and $(Write-Host "$env:computername vulnerable to CVE-2022-2190 !")

$ErrorActionPreference="SilentlyContinue";$key=Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport;if($key -AND $key.EnableTrailerSupport -ne 0){echo "$env:computername vulnerable to CVE-2022-2190 !"}else{echo "Not vulnerable to CVE-2022-2190"}

With protection

Run these scripts as administrator to protect your computer/server.

$ErrorActionPreference="SilentlyContinue";$_=($(Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport).EnableTrailerSupport -or $(Write-Host "Not vulnerable to CVE-2022-2190")) -and ($(Write-Host "$env:computername vulnerable to CVE-2022-2190 ! Change EnableTrailerSupport value to 0") -or $(Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport -Value 0))

$ErrorActionPreference="SilentlyContinue";$key=Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport;if($key -AND $key.EnableTrailerSupport -ne 0){echo "$env:computername vulnerable to CVE-2022-2190 ! Change EnableTrailerSupport value to 0";Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\  -Name EnableTrailerSupport -Value 0}else{echo "Not vulnerable to CVE-2022-2190"}

Exploit

AAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&AA&**AAAAAAAAAAAAAAAAAAAA**A,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAA,****************************AAAAAA, *, ,

Sources

Microsoft

Licence

Licensed under the GPL, version 3.

You might also like...

CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s

2 Feb 15, 2022

😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

25 Oct 14, 2022

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

431 Dec 22, 2022

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

43 Nov 9, 2022

Mass Check Vulnerable Log4j CVE-2021-44228

Log4j-CVE-2021-44228 Mass Check Vulnerable Log4j CVE-2021-44228 Introduction Actually I just checked via Vulnerable Application from https://github.co

6 Dec 28, 2022

Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

8 Feb 27, 2022

CVE-2022-22965 - CVE-2010-1622 redux

CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la

20 Aug 25, 2022

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

108 Dec 4, 2021

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

165 Dec 21, 2022

This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

Related tags

Overview

CVE-2022-21907

Description

Codes

Only detect

With protection

Exploit

Sources

Licence

You might also like...

CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

Mass Check Vulnerable Log4j CVE-2021-44228

Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

CVE-2022-22965 - CVE-2010-1622 redux

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Releases(v1.0.0)

v1.0.0(Mar 5, 2022)

Owner

PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows and macos

🐎🖥《赛马娘》（ウマ娘: Pretty Derby）辅助脚本

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

Official repository for Pyew.

Phishing-Crack tools to punish friends

2021hvv漏洞汇总

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

A terminal based web shell controller

A powerful password generator utility which utilizes the slot technique to generate strong passwords of required length having combinations of lower and upper characters, digits and symbols.

Worm/Trojan/Ransomware/apt/Rootkit/Virus Database

Rapidly enumerate subdomains and domains using rapiddns.io.

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

A simple Outline Server Access Key Copy and Paste Web Interface

AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically to AIL

A burp-suite plugin that extract all parameter names from in-scope requests

DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

An OSINT tool that searches for devices directly connected to the internet (IoT) with a user specified query. It returns results for Webcams, Traffic lights, Refridgerators, Smart TVs etc.