Tag Archives: Bitrix

Remote Code Execution – Bitrix (CVE-2022-29268) and Jet CSIRT deface case

Leave a reply

Remote Code Execution - Bitrix (CVE-2022-29268) and Jet CSIRT deface case

Remote Code Execution – Bitrix (CVE-2022-29268) and Jet CSIRT deface case.

🔻 The vulnerability is in the “Rejected” status in NVD, although its exploitability has been confirmed. 🤷‍♂️ What is it about? CMS Bitrix can be deployed from the “1C-Bitrix: Virtual Machine” image. Then it is configured in the web setup interface (without authentication). At a certain step there is an option “Upload backup”. Instead of a backup, you can upload a web shell there and it will be installed. 🫠

🔻 What is the risk? Surely no one will expose the initial setup interface to the Internet? 🤔 But people do it, Google dork is available.

🔻 This happened in the Jet CSIRT website deface case as well. In November 2023, the setup interface was exposed for 3 days. The attackers found it and installed the web shell. 🤷‍♂️

Jet states that Bitrix does not consider this to be a vulnerability in the setup interface. So the recommendation: don’t make it accessible from the Internet. 😅🤡

На русском

TOP 5 CVEs that were most often exploited by Positive Technologies pentesters in 2023

Leave a reply

TOP 5 CVEs that were most often exploited by Positive Technologies pentesters in 2023. The report was released on July 2. I generated a rap track on this topic in Russian using Suno. 🙂 English subtitles available.

List of vulnerabilities:

🔻 Remote Code Execution – Microsoft Exchange “ProxyNotShell” (CVE-2022-41040, CVE-2022-41080, CVE-2022-41082)
🔻 Remote Code Execution – Bitrix Site Manager “PollsVotes” (CVE-2022-27228)
🔻 Elevation of Privilege – Polkit “PwnKit” (CVE-2021-4034)

На русском

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

2 Replies

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM. Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went.

Alternative video link (for Russia): https://vk.com/video-149273431_456239136

September was quite a busy month for me.

Continue reading