[–] bouncyhat 2y ago ↗ Technical details behind the discovery and exploitation of CVE-2023-41265 and CVE-2023-41266.Relevant Security Advisory: https://community.qlik.com/t5/Official-Support-Articles/Crit...Nuclei Detection Template: https://github.com/praetorian-inc/zeroqlik-detectTL;DR - how do I detect this on my resources? [vulnerable instances will return a 400]: curl -H "X-Qlik-Xrfkey: 1333333333333337" -H "Host: localhost" -v -k --path-as-is https://<yourserver>/resources/qmc/fonts/../../../qrs/Reload...
1 comment
[ 1.5 ms ] story [ 8.8 ms ] threadRelevant Security Advisory: https://community.qlik.com/t5/Official-Support-Articles/Crit...
Nuclei Detection Template: https://github.com/praetorian-inc/zeroqlik-detect
TL;DR - how do I detect this on my resources? [vulnerable instances will return a 400]: curl -H "X-Qlik-Xrfkey: 1333333333333337" -H "Host: localhost" -v -k --path-as-is https://<yourserver>/resources/qmc/fonts/../../../qrs/Reload...