Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2022-26629 PoC — SoroushPlus Messenger 访问控制错误漏洞

Source
https://github.com/scopion/CVE-2022-26629
Associated Vulnerability
Title:SoroushPlus Messenger 访问控制错误漏洞 (CVE-2022-26629)
Description:An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function.
Readme
# Lock Screen Bypass

## CVE-2022-26629

### Affected Products

- SoroushPlus+ Messenger 1.0.30

### Vulnerability Type

Improper Access Control

### Impact

Lock Screen Bypass

### Summary

Improper handling of insufficient permissions and privileges allows an attacker to modify and overwrite the lock screen functionality causing it to be bypassed without any authorization.

## Exploitation

[BypassLockScreen.py](Lock%20Screen%20Bypass/BypassLockScreen.py)

### Auto Exploit PoC

1. Drop `BypassLockScreen.py` to the your SoroushPlus+ installation directory,
2. Run `Python3 BypassLockScreen.py`.

### **Tested Environments**

- Windows
- Linux

### Demo

![PoC.gif](PoC.gif)
File Snapshot

 [4.0K]  /data/pocs/2eebaa09713ae947d1ee4073afa3fc2a558bebae
├── [4.0K]  Lock Screen Bypass
│   └── [2.6K]  BypassLockScreen.py
├── [2.5M]  PoC.gif
└── [ 681]  README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →