{"vulnerability": "CVE-2023-36899", "sightings": [{"uuid": "a385b749-58b5-41a7-aa3c-7815410660b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8832", "content": "#WebApp_Security\n1. Smashing the state machine:\nthe true potential of web race conditions\nhttps://portswigger.net/research/smashing-the-state-machine\n2. Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP-NET Framework (CVE-2023-36899)\nhttps://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899", "creation_timestamp": "2023-08-12T12:43:01.000000Z"}, {"uuid": "0972d4fe-2aed-4880-98f2-6cd575e8b19a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/182", "content": "Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP[.]NET Framework (CVE-2023-36899)\n\n\ud83d\udc64 by Soroush Dalili\n\nIn modern web development, while cookies are the go-to method for transmitting session IDs, the .NET Framework also provides an alternative: encoding the session ID directly in the URL. This method is useful to clients that do not support cookies. \nResearcher identified a strange anomaly when the cookieless pattern was repeated twice. This resulted in two vulnerabilities reported to Microsoft as their impact and the exploitation were different:\n   \u2022 IIS restricted path bypass leading to potential authentication and path-filtration bypass\n   \u2022 Application Pool confusion leading to potential privilege escalations\n\n\ud83d\udcdd Contents:\n\u25cf Introduction\n\u25cf Finding the vulnerability\n\u25cf IIS Restricted Path Bypass\n\u25cf The root cause\n\u25cf Application Pool Confusion\n\nhttps://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/", "creation_timestamp": "2023-08-10T16:18:02.000000Z"}, {"uuid": "f7b7c17a-b9a7-4601-ad8b-27fbfbd941b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1015", "content": "CVE-2023-36899 : Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework\nPOC : https://github.com/midisec/CVE-2023-36899\nBlog : https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/\nBy : Soroush Dalili", "creation_timestamp": "2024-02-10T14:19:07.000000Z"}, {"uuid": "c89f45b5-9b8f-49c4-b1c2-3a10c649c823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4901", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-36899 PoC\nURL\uff1ahttps://github.com/d0rb/CVE-2023-36899\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-11T14:40:00.000000Z"}, {"uuid": "7c402c07-5675-41f9-a473-9b9710d74ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4929", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-36899\u6f0f\u6d1e\u7684\u590d\u73b0\u73af\u5883\u548c\u5de5\u5177\uff0c\u9488\u5bf9ASP.NET\u6846\u67b6\u4e2d\u7684\u65e0cookie\u4f1a\u8bdd\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u3002\nURL\uff1ahttps://github.com/midisec/CVE-2023-36899\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-15T23:39:54.000000Z"}, {"uuid": "475e4146-7a7d-4005-baa4-8202a6d6391b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36899", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7686", "content": "Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899) | Soroush Dalili (@irsdl) Blog\n\nhttps://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/", "creation_timestamp": "2023-08-21T12:27:19.000000Z"}]}