{"vulnerability": "cve-2023-28131", "sightings": [{"uuid": "acfb5e52-a667-413d-95f8-4d28705c4ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28131", "type": "seen", "source": "Telegram/VUS5Rz3PzOTtsLRB7FOnWWzKsiqLdNCl-lezRU_sHFwHOSXl", "content": "", "creation_timestamp": "2025-02-06T02:41:38.000000Z"}, {"uuid": "de61f85d-76a1-47be-b5d9-d483e1330ecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28131", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8371", "content": "#exploit\n1. CVE-2023-2825:\nPath traversal vulnerability in GitLab 16.0.0\nhttps://github.com/Occamsec/CVE-2023-2825\n\n2. CVE-2023-28131:\nExpo Framework AuthSession Redirect Proxy redirect\nhttps://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services", "creation_timestamp": "2023-05-27T12:37:01.000000Z"}, {"uuid": "5bddc20c-c549-4d7e-b86a-4ca3be450ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28131", "type": "seen", "source": "https://t.me/KomunitiSiber/270", "content": "Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking\nhttps://thehackernews.com/2023/05/critical-oauth-vulnerability-in-expo.html\n\nA critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io.\nThe shortcoming, assigned the CVE identifier\u00a0CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs\u00a0said\u00a0the issue rendered services using the framework susceptible to credential leakage, which could", "creation_timestamp": "2023-05-27T12:04:21.000000Z"}, {"uuid": "ef35565d-2840-4f59-87ae-1c285029be0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28131", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3067", "content": "Cybersecurity News - Hackers Factory\n\n\u200aThe Week in Ransomware - May 2023 - Cities Under Attack\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-26th-2023-cities-under-attack/\n\n\u200aDark Frost Botnet targets the gaming sector with powerful DDoS\n\nhttps://securityaffairs.com/146683/malware/dark-frost-botnet.html\n\n\u200aPhishing Domains Tanked After Meta Sued Freenom\n\nhttps://krebsonsecurity.com/2023/05/phishing-domains-tanked-after-meta-sued-freenom/\n\n\u200aChatGPT & Bing \u2013 Indirect Prompt-Injection Attacks Leads to Data Theft\n\nhttps://gbhackers.com/indirect-prompt-injection-attacks/\n\n\u200aChatGPT CEO May Leave Europe If It Could Not Compile With AI Regulations\n\nhttps://gbhackers.com/chatgpt-ceo/\n\n\u200aFree VPN Data Breach \u2013 Over 360 Million User Records Exposed\n\nhttps://gbhackers.com/free-vpn-data-breach/\n\n\u200aWindows XP Activation Algorithm Cracked \u2013 Works With Linux\n\nhttps://cybersecuritynews.com/windows-xp-activation-algorithm/\n\n3 ways for Dynamic Code Loading in Android\n\nhttps://erev0s.com/blog/3-ways-for-dynamic-code-loading-in-android/\n\nWriting a Sliver C2 Powershell Stager with Shellcode Compression and AES Encryption\n\nhttps://medium.com/@youcef.s.kelouaz/writing-a-sliver-c2-powershell-stager-with-shellcode-compression-and-aes-encryption-9725c0201ea8\n\nMy Methods To Achieve Persistence In Linux Systems\n\nhttps://flaviu.io/advanced-persistent-threat/\n\nExploiting misconfigured Google Cloud Service Accounts from GitHub Actions\n\nhttps://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions/\n\nCVE-2023-28131: Expo Framework AuthSession Redirect Proxy redirect\n\nhttps://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services\n\nPaperCut Exploitation - A Different Path to Code Execution\n\nhttps://vulncheck.com/blog/papercut-rce\n\nInfecting SSH Public Keys with backdoors\n\nhttps://blog.thc.org/infecting-ssh-public-keys-with-backdoors\n\nVulnerability Spotlight: CVE-2023-0264\n\nhttps://mogwailabs.de/en/blog/2023/04/vulnerability-spotlight-cve-2023-0264/\n\nBypass Windows Defenses with Malware as Service\n\nhttps://read.martiandefense.llc/bypass-windows-defenses-with-malware-as-service-a7f99bacb7af\n\nBandit Stealer\n\nhttps://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html\n\nNixImports a .NET loader using HInvoke\n\nhttps://dr4k0nia.github.io/posts/NixImports-a-NET-loader-using-HInvoke/\n\nDrone Reverse Engineering using Packet Dissection with Wireshark\n\nhttps://read.martiandefense.llc/drone-reverse-engineering-using-packet-dissection-with-wireshark-a8fca5ae5476\n\nTechnical Analysis of Pikabot malicious backdoor\n\nhttps://www.zscaler.com/blogs/security-research/technical-analysis-pikabot\n\n#infosec #cybersecurity \n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-06-26T02:49:49.000000Z"}, {"uuid": "3f93715f-59eb-4ff6-a0a4-682e5b05e3b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28131", "type": "seen", "source": "Telegram/4JcQAuBxmm8dw44PH__vyl2tx5RMR2k6iaSB2MvR2ejzDQ", "content": "", "creation_timestamp": "2023-05-27T12:36:19.000000Z"}]}