{"vulnerability": "CVE-2022-33980", "sightings": [{"uuid": "d34d7212-d746-41b8-9010-b1f432825c50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2896", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-33980\nURL\uff1ahttps://github.com/HKirito/CVE-2022-33980\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-10T03:22:01.000000Z"}, {"uuid": "d4063794-27c9-438a-8fb1-ad728907bbbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "seen", "source": "Telegram/Uieng4hhAZFXjH9lPmah2RHnRpBbF9ZOA1GgoU9giQZ2kg", "content": "", "creation_timestamp": "2022-08-18T15:56:07.000000Z"}, {"uuid": "3167a851-7379-4810-9f75-9de5be4b25fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "seen", "source": "https://t.me/poxek/2303", "content": "Exploring CVE-2022-33980: the Apache Commons configuration RCE vulnerability\n\n\u041f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u043c\u044b \u043f\u043e\u0433\u0440\u0443\u0437\u0438\u043c\u0441\u044f \u0432 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043c\u044b \u0445\u043e\u0442\u0438\u043c \u043f\u043e\u044f\u0441\u043d\u0438\u0442\u044c, \u0447\u0442\u043e \u043f\u0430\u043d\u0438\u043a\u043e\u0432\u0430\u0442\u044c \u043d\u0435 \u0441\u0442\u043e\u0438\u0442. \u041c\u043d\u043e\u0433\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0442\u0438\u043f\u043e\u0432 \u043a\u043e\u0434\u0430 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u0430\u0445, \u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0442 \u0437\u0430\u043a\u043e\u043d\u043d\u044b\u0435 \u0441\u043b\u0443\u0447\u0430\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u043e\u043b\u044f\u0446\u0438\u0438 \u0441\u0442\u0440\u043e\u043a \u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438 \u0441\u0438\u0441\u0442\u0435\u043c. \u042d\u0442\u043e \u043d\u0435 Log4Shell \u0437\u0430\u043d\u043e\u0432\u043e. \u042d\u0442\u043e \u043f\u0440\u043e\u0441\u0442\u043e\u0435 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439. \u0415\u0441\u043b\u0438 \u043a\u0442\u043e-\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043b\u0435\u0433\u043a\u043e \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u0430\u0448\u0443 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0442\u044c, \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e, \u0443 \u0432\u0430\u0441 \u0435\u0441\u0442\u044c \u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b.", "creation_timestamp": "2022-08-18T17:00:04.000000Z"}, {"uuid": "6a5caec4-2b92-4f5f-968d-7d1244432125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "published-proof-of-concept", "source": "Telegram/r5i-toYK2LmEKblilAbI6DQ5XOX4pVpACjVWGnbPihqd9A", "content": "", "creation_timestamp": "2022-08-11T13:53:18.000000Z"}, {"uuid": "b265ef37-8a78-426c-a41f-deba3382257d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/318", "content": "CVE-2022-33980: Apache Commons Configuration-RCE\nhttps://github.com/tangxiaofeng7/CVE-2022-33980-Apache-Commons-Configuration-RCE", "creation_timestamp": "2022-07-10T23:04:09.000000Z"}, {"uuid": "2e8759a6-4d17-49b9-ad70-4a62c445b90b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "seen", "source": "https://t.me/crackcodes/1040", "content": "Updates On Hackbyte Forum:-\n\n1. Universidad IEU Mexico Leak Files\n2. SCS-Siberia \u201c\u0421\u041a\u0421-\u0421\u0438\u0431\u0438\u0440\u044c\u201d \u2013 Telecommunications Company Russia Leak\n3. D.RDynamicShellcode\n4. DashOverride\n5. CVE-2022-33980 - Apache Commons RCE can use url,dns,script key-words to connect any server\n6. lfimap - Local file inclusion discovery and exploitation tool\n7. MSMAP - Msmap is a Memory WebShell Generator\n8. CVE-2022-29968\n9. CVE-2022-21894 - Secure Boot Security Feature Bypass Vulnerability\n10. PowerHuntShares\n11. chrome_password Js script - Steal Get username & password from Chrome. (Now Only Windows)\n12. Fatebot - Fate is IRC botnet\n13. JNDI-Injection-Exploit-Plus\n14. CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow\n15. Bypass-Sandbox-Evasion\n16. blackhat-arsenal-tools\n17. Blackhat 2022 recap \u2013 cloud, eBPF, global conflicts, supply chain, and more\n18. Hacking Zyxel IP cameras to gain a root shell\n19. CobaltStrike4.5\n20. DUOCELL Leak\n21. KisasaCredit Leak\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffbAll Updates On :- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-08-18T15:53:26.000000Z"}, {"uuid": "9b79f844-7902-4d20-92b2-f322a47b516d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "seen", "source": "https://t.me/cibsecurity/45645", "content": "\u203c CVE-2022-33980 \u203c\n\nApache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:54.000000Z"}, {"uuid": "54479e97-389c-438b-bb46-595201cb1f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33980", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6365", "content": "#exploit\n1. CVE-2022-33980:\nApache Commons Configuration-RCE\nhttps://github.com/tangxiaofeng7/CVE-2022-33980-Apache-Commons-Configuration-RCE\n\n2. CVE-2022-29554:\nMishandling of Input to API in PrintixService.exe\nhttps://github.com/ComparedArray/printix-CVE-2022-29554", "creation_timestamp": "2022-07-10T13:46:00.000000Z"}]}