4 Videos for CVE-2022-21449

Tier: PRO
Difficulty: Medium
Time: < 1 Hr.
Users completed: 162
Badge: Brown Badge
Access to videos for this exercise is only available with PentesterLab PRO.
CVE-2022-21449: Introduction

In this video, we introduce the challenge CVE-2022-21449, which involves bypassing ECDSA signatures in Java versions 15 through 18. The focus is on generating a JWT token with a specific malicious signature to exploit this vulnerability.

Duration: 01:40 | Views: 107

 

CVE-2022-21449: Exploitation part 1 in Ruby

In this video, we cover the challenge CVE-2022-21449 as part of the brown badge series. We demonstrate how to generate an ECDSA signature with r and s values set to zero using Ruby.

Duration: 02:54 | Views: 134

 

CVE-2022-21449: Exploitation part 1 in Python

In this video, we cover the exploitation of CVE-2022-21449 using Python. The objective is to generate a blank ECDSA signature with R and S set to zero to log in as admin@libcurl.so.

Duration: 02:45 | Views: 149

 

CVE-2022-21449: Exploitation part 2

In this video, we cover the final step of exploiting CVE-2022-21449 as part of the Brown Badge series. We demonstrate logging in, manipulating cookies, and leveraging encoding techniques to successfully complete the challenge.

Duration: 02:31 | Views: 138