This repository holds the advisory, exploits and vulnerable software of the CVE-2020-14293# CVE-2020-14293
This vulnerablity was discovered and disclosed by me. This repository will hold the advisory, vulnerable software and the exploits.
This repository is only for educational purposes.
# Links
- [Advisory SYSS-2020-025](https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt)
- [Detailed writeup](https://hesec.de/posts/cve-2020-14293a14294/)
- [SySS Blog entry](https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata)
- [Exploit on Exploit-DB](https://www.exploit-db.com/exploits/xxxxx - TODO)
- [Vendor notice](https://www.secudos.de/news-und-events/aktuelle-news/sicherheitsluecken-in-domos-und-qiata-2-0-behoben)
- [MITRE Entry](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14293)
- [NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2020-14293)
# Software
The software you can find in the release page. It is a vmdk which worked in virtualbox for me. Further instructions are here: [Release Page](https://github.com/patrickhener/CVE-2020-14293/releases/tag/1.0.0)
[4.0K] /data/pocs/7ee6f66d29e2d89c24fed6335bf17699cc771d15
├── [4.0K] advisory
│ └── [5.4K] SYSS-2020-025.txt.asc
├── [4.0K] exploits
│ ├── [6.9K] domos_priv_esc.rb
│ ├── [3.7K] domos-rev-shell.py
│ ├── [7.1M] syss-2020-025
│ ├── [6.1M] syss-2020-025.exe
│ └── [6.5K] syss-2020-025.go
└── [1.1K] README.md
2 directories, 7 files