CVE-2023-27350: PaperCut TryHackMe Write-up


Jawstar

Authorisation bypass (CVE-2023-27350) in PaperCut Print Management software leading to remote code execution.

Task 1: Introduction

Q1) I am ready to learn about CVE-2023-27350!
Answer: No answer needed

Task 2: Understanding PaperCut and CVE-2023-27350

Q2) What is the name for the logic vulnerability that occurs when session and authentication functions are used for multiple purposes?
Answer: Session Puzzling

Q3) What is the name of the Java class containing the authentication bypass vulnerability?
Answer: SetupCompleted

Task 3: Exploiting CVE-2023-27350

Q4) If the vulnerable host has a hostname of PRINT.TRYHACKME.LOC, what would be the URL that you could use to perform the authentication bypass?
Answer: http://PRINT.TRYHACKME.LOC:9191/app?service=page/SetupCompleted

Q5) What would be…
