4 Videos for CVE-2022-21449

PRO
Tier
Medium
< 1 Hr.
154
Brown Badge
image of exercise CVE-2022-21449: Introduction
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
CVE-2022-21449: Introduction

In this video, we introduce the challenge CVE-2022-21449, which involves bypassing ECDSA signatures in Java versions 15 through 18. The focus is on generating a JWT token with a specific malicious signature to exploit this vulnerability.

video duration icon01:40 number of views icon101

 

image of exercise CVE-2022-21449: Exploitation part 1 in Ruby
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
Spoiler
CVE-2022-21449: Exploitation part 1 in Ruby

In this video, we cover the challenge CVE-2022-21449 as part of the brown badge series. We demonstrate how to generate an ECDSA signature with r and s values set to zero using Ruby.

video duration icon02:54 number of views icon126

 

image of exercise CVE-2022-21449: Exploitation part 1 in Python
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
Spoiler
CVE-2022-21449: Exploitation part 1 in Python

In this video, we cover the exploitation of CVE-2022-21449 using Python. The objective is to generate a blank ECDSA signature with R and S set to zero to log in as admin@libcurl.so.

video duration icon02:45 number of views icon142

 

image of exercise CVE-2022-21449: Exploitation part 2
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
Spoiler
CVE-2022-21449: Exploitation part 2

In this video, we cover the final step of exploiting CVE-2022-21449 as part of the Brown Badge series. We demonstrate logging in, manipulating cookies, and leveraging encoding techniques to successfully complete the challenge.

video duration icon02:31 number of views icon128