{"uuid": "8454b4dd-4ecc-4d1a-8559-383b31fe5e09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1612", "content": "2. \u062f\u0648\u0631\u0629 \u0623\u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642:\n   - \u0645\u0646\u0635\u0629: \u0631\u0648\u0627\u0642\n   - \u062a\u062a\u0636\u0645\u0646 \u0627\u0644\u062f\u0648\u0631\u0629 \u0634\u0631\u062d\u0627\u064b \u0644\u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u0627\u0644\u062a\u0639\u0627\u0645\u0644 \u0645\u0639\u0647\u0627.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.rwaq.org/courses/information-security-and-penetration-testing)\n\n3. \u062f\u0648\u0631\u0629 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a \u0645\u0646 \u0627\u0644\u0635\u0641\u0631 \u0625\u0644\u0649 \u0627\u0644\u0627\u062d\u062a\u0631\u0627\u0641:\n   - \u0645\u0646\u0635\u0629: Udemy\n   - \u062a\u0631\u0643\u0632 \u0639\u0644\u0649 \u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a \u0648\u0643\u064a\u0641\u064a\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.udemy.com/course/ethical-hacking-arabic/)\n\n### \u062f\u0648\u0631\u0627\u062a \u0628\u0627\u0644\u0644\u063a\u0629 \u0627\u0644\u0625\u0646\u062c\u0644\u064a\u0632\u064a\u0629:\n\n1. Web Application Security Testing with OWASP ZAP:\n   - \u0645\u0646\u0635\u0629: Coursera\n   - \u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u0627\u062e\u062a\u0628\u0627\u0631 \u0623\u0645\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0627\u0629 OWASP ZAP.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.coursera.org/learn/web-application-security-testing-owasp-zap)\n\n2. Ethical Hacking: System Hacking:\n   - \u0645\u0646\u0635\u0629: LinkedIn Learning\n   - \u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0628\u0634\u0643\u0644 \u0622\u0645\u0646.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.linkedin.com/learning/ethical-hacking-system-hacking)\n\n3. Penetration Testing and Ethical Hacking:\n   - \u0645\u0646\u0635\u0629: Pluralsight\n   - \u062f\u0648\u0631\u0629 \u0634\u0627\u0645\u0644\u0629 \u062a\u063a\u0637\u064a \u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.pluralsight.com/courses/penetration-testing-ethical-hacking)\n\n4. Web Application Security for Absolute Beginners:\n   - \u0645\u0646\u0635\u0629: Udemy\n   - \u062f\u0648\u0631\u0629 \u0645\u0648\u062c\u0647\u0629 \u0644\u0644\u0645\u0628\u062a\u062f\u0626\u064a\u0646 \u062a\u062a\u0646\u0627\u0648\u0644 \u0623\u0633\u0627\u0633\u064a\u0627\u062a \u0623\u0645\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0648\u0643\u064a\u0641\u064a\u0629 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0645\u0648\u0627\u0642\u0639 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.udemy.com/course/web-application-security-for-absolute-beginners/)\n\n### \u0645\u0635\u0627\u062f\u0631 \u0625\u0636\u0627\u0641\u064a\u0629:\n\n- OWASP (Open Web Application Security Project):\n  - \u0645\u0634\u0631\u0648\u0639 \u0645\u0641\u062a\u0648\u062d \u0627\u0644\u0645\u0635\u062f\u0631 \u064a\u0631\u0643\u0632 \u0639\u0644\u0649 \u062a\u062d\u0633\u064a\u0646 \u0623\u0645\u0627\u0646 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a. \u064a\u0648\u0641\u0631 \u0642\u0648\u0627\u0626\u0645 \u0648\u062b\u0627\u0626\u0642\u064a\u0629 \u0648\u0623\u062f\u0648\u0627\u062a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0648\u0642\u0639](https://owasp.org/)\n\n- Hack The Box:\n  - \u0645\u0646\u0635\u0629 \u062a\u0641\u0627\u0639\u0644\u064a\u0629 \u062a\u0648\u0641\u0631 \u0628\u064a\u0626\u0629 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0623\u0646\u0638\u0645\u0629 \u062d\u0642\u064a\u0642\u064a\u0629.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0648\u0642\u0639](https://www.hackthebox.com/)\n\n- SecurityTube:\n  - \u0645\u0643\u062a\u0628\u0629 \u0641\u064a\u062f\u064a\u0648\u0647\u0627\u062a \u062a\u0639\u0644\u064a\u0645\u064a\u0629 \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u062f\u0631\u0648\u0633 \u0648\u0627\u0644\u0645\u062d\u0627\u0636\u0631\u0627\u062a \u062d\u0648\u0644 \u0623\u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0648\u0642\u0639](http://www.securitytube.net/)\n\n- \u0643\u062a\u0627\u0628 \"The Web Application Hacker's Handbook\":\n  - \u0643\u062a\u0627\u0628 \u0645\u0645\u064a\u0632 \u064a\u062a\u0646\u0627\u0648\u0644 \u0628\u0627\u0644\u062a\u0641\u0635\u064a\u0644 \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0648\u0643\u064a\u0641\u064a\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0643\u062a\u0627\u0628 \u0639\u0644\u0649 \u0623\u0645\u0627\u0632\u0648\u0646](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470)\n\nThe Smart Shadow:\n\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a BlueStacks (\u0645\u062d\u0627\u0643\u064a \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f) \u0648\u0627\u0644\u062a\u064a \u062a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 \u0627\u0644\u062a\u0633\u0644\u0644 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 (CVE-2024-33352) \n\n---\n\n\u0634\u0631\u062d \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u0641\u064a BlueStacks\n\n\u0645\u0642\u062f\u0645\u0629:\nBlueStacks \u0647\u0648 \u0645\u062d\u0627\u0643\u064a \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u064a\u0633\u062a\u062e\u062f\u0645 \u0644\u062a\u0634\u063a\u064a\u0644 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0639\u0644\u0649 \u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631. \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0645\u062d\u0627\u0643\u064a \u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0639\u0628\u0631 \u0627\u0644\u062a\u0633\u0644\u0644 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.\n\n\u0645\u0627 \u0647\u064a \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352\u061f\n\nCVE-2024-33352 \u0647\u064a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0641\u064a BlueStacks\u060c \u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a (Privilege Escalation) \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 (VM backdooring). \u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0639\u0644\u0649 \u0645\u0645\u0627 \u0647\u0648 \u0645\u0633\u0645\u0648\u062d \u0644\u0647\u060c \u0645\u0645\u0627 \u064a\u0645\u0643\u0646\u0647 \u0645\u0646 \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0623\u0648 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629.\n\n\u0643\u064a\u0641 \u062a\u0639\u0645\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629\u061f\n\n1. \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 (VM backdooring):\n   - \u062a\u0633\u062a\u062e\u062f\u0645 BlueStacks \u062a\u0642\u0646\u064a\u0629 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u062a\u0634\u063a\u064a\u0644 \u0646\u0638\u0627\u0645 \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631. \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u0628\u064a\u0626\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u0625\u062f\u062e\u0627\u0644 \u0643\u0648\u062f \u0636\u0627\u0631 (malicious code) \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.\n   \n2. \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a (Privilege Escalation):\n   - \u0628\u0639\u062f \u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631\u060c \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u062a\u0635\u0639\u064a\u062f \u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a\u0647 \u062f\u0627\u062e\u0644 \u0627\u0644\u0646\u0638\u0627\u0645. \u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646\u0647 \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0639\u0644\u0649 \u0645\u062b\u0644 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0645\u062f\u064a\u0631 (Administrator privileges)\u060c \u0645\u0645\u0627 \u064a\u062a\u064a\u062d \u0644\u0647 \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0623\u0648 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u062d\u0633\u0627\u0633\u0629.\n\n\u0645\u062b\u0627\u0644 \u0639\u0645\u0644\u064a:\n\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0644\u062f\u064a\u0647 \u0648\u0635\u0648\u0644 \u0645\u062d\u062f\u0648\u062f \u0625\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631 \u0627\u0644\u0630\u064a \u064a\u0639\u0645\u0644 \u0639\u0644\u064a\u0647 BlueStacks. \u064a\u0645\u0643\u0646\u0647 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u0628\u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n\n1. \u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631:\n   - \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0625\u062f\u062e\u0627\u0644 \u0643\u0648\u062f \u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u0640 BlueStacks. \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u062d\u062f\u062b \u0630\u0644\u0643 \u0645\u0646 \u062e\u0644\u0627\u0644 \u062a\u0646\u0632\u064a\u0644 \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0636\u0627\u0631 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u062e\u0628\u064a\u062b.\n\n2. \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631:\n   - \u0639\u0646\u062f \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0636\u0627\u0631 \u062f\u0627\u062e\u0644 BlueStacks\u060c \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}