MCPcopy Create free account
hub / github.com/Wh04m1001/CVE-2023-21752

github.com/Wh04m1001/CVE-2023-21752 @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
59 symbols 95 edges 9 files 0 documented · 0% updated 3y ago★ 3254 open issues

Browse by type

Functions 47 Types & classes 12
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

CVE-2023-21752

PoC for arbitrary file delete vulnerability in Windows Backup service.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21752

This repo contains two exploits:

v1 - Just perform file delete of user choice

v2 - Tries to abuse arb delete to spawn elevated cmd shell (not very stable probably need to run it couple of times, better work on phisycal machine)

https://user-images.githubusercontent.com/44291883/211601142-c04534e5-f718-478d-b91a-65d6a4f06080.mp4

Timeline

  • 07/07/2022 - Vulnerability reported to MSRC
  • 08/10/2022 - MSRC confirmed vulnerability
  • 08/12/2022 - Bounty awarded
  • 01/10/2023 - Patch released

Core symbols most depended-on inside this repo

Shape

Function 29
Method 18
Class 12

Languages

C++100%

Modules by API surface

v2/SDRsvcEop/main.cpp16 symbols
v1/SDRsvcEop/main.cpp13 symbols
v2/SDRsvcEop/FileOplock.cpp9 symbols
v1/SDRsvcEop/FileOplock.cpp9 symbols
v2/SDRsvcEop/def.h5 symbols
v1/SDRsvcEop/def.h5 symbols
v2/SDRsvcEop/FileOplock.h1 symbols
v1/SDRsvcEop/FileOplock.h1 symbols

For agents

$ claude mcp add CVE-2023-21752 \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page