CVE-2023-27350: PaperCut TryHackMe Write-up

Jawstar
Nov 9, 2024

Authorisation bypass (CVE-2023-27350) in PaperCut Print Management software leading to remote code execution.

Task 1 :- Introduction

Q1) I am ready to learn about CVE-2023-27350!
Answers :- No answer needed

Task 2 :- Understanding PaperCut and CVE-2023-27350

Q2) What is the name for the logic vulnerability that occurs when session and authentication functions are used for multiple purposes?
Answers :- Session Puzzling

Q3) What is the name of the Java class containing the authentication bypass vulnerability?
Answers :- SetupCompleted

Task 3 :- Exploiting CVE-2023-27350

Q4) If the vulnerable host has a hostname of PRINT.TRYHACKME.LOC, what would be the URL that you could use to perform the authentication bypass?
Answers :- http://PRINT.TRYHACKME.LOC:9191/app?service=page/SetupCompleted

Q5) What would be…
