all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

From Zero to Hero Part 2: Intel DCM From SQL Injection to RCE (CVE-2022-21225)

Add to bookmarks
Dec. 1, 2022, 3:16 p.m. | Julien Ahrens

RCE Security www.rcesecurity.com

Introduction You’ve probably enjoyed my previous post about bypassing Intel DCM’s authentication mechanism to gain unauthorized access. This gave us the lowest possible “Guest” privileges in the DCM console. The second part will now show you a possible way to get Remote Code Execution on the underlying host by exploiting an authenticated SQL Injection vulnerability, […]

advisory bug bounty cve hero injection intel rce sql sql injection

Visit resource

More from www.rcesecurity.com / RCE Security

Patch Diffing CVE-2023-28121 to Compromise a WooCommerce 9 months, 2 weeks ago | www.rcesecurity.com
advisory authentication authentication bypass back +23
SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897) 1 year ago | www.rcesecurity.com
advisory cve exploit flashback +9
SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620) 1 year ago | www.rcesecurity.com
access advisory authentication bugs +18
From Zero to Hero Part 2: Intel DCM From SQL Injection to RCE (CVE-2022-21225) 1 year, 4 months ago | www.rcesecurity.com
advisory bug bounty cve hero +5
From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP … 1 year, 4 months ago | www.rcesecurity.com
authentication bug bounty bypassing cve +5
WordPress Transposh: Exploiting a Blind SQL Injection via XSS 1 year, 8 months ago | www.rcesecurity.com
bug bounty exploiting injection sql +3
AWAE Course and OSWE Exam Review 1 year, 11 months ago | www.rcesecurity.com
certifications course exam oswe +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Staff DFIR Investigator

@ SentinelOne | United States - Remote
View on infosec-jobs.com

Senior Consultant.e (H/F) - Product & Industrial Cybersecurity

@ Wavestone | Puteaux, France
View on infosec-jobs.com

Information Security Analyst

@ StarCompliance | York, United Kingdom, Hybrid
View on infosec-jobs.com

Senior Cyber Security Analyst (IAM)

@ New York Power Authority | White Plains, US
View on infosec-jobs.com
View more jobs