Mach1ne
Following the patch for CVE-2022-25018, sanitisation can be bypassed using the stripping-injection technique. If for example `>` -> evaluates to ``

Reference and more info here: [PluXml-RCE](https://github.com/hansmach1ne/MyExploits/tree/main/RCE_PluXml_Static_Page_Sanitisation_Bypass) https://huntr.dev/bounties/6c694bbe-d244-42ee-b31b-4a10773daf85/
-eF, --enum-files -> Try to enumerate sensitive files on the server
-eN, --enum-network -> Try to enumerate server network information
-eO, --enum-os -> Try to enumerate operating system information...
The issue is that /etc/passwd might be blocked by a WAF, so add a mode that uses 'silent' payloads and includes different files to confirm the vulnerability. Also Java...
Add support for endpoints that use JSON as the Content-Type. This is partially supported now by using the placeholder PWN as the injection point; however, parameters won't be parsed and tested...
Problematic if the user wants to test, for example, a specific part of the request that contains binary data.
When a WAF is present, reduce the number of payloads and test only with silent ones.
Implement a false-positive check that tries to include a different file to confirm the vulnerability.