{"vulnerability": "cve-2020-17523", "sightings": [{"uuid": "95e8e2e0-1e90-4874-b0e2-5a08f773db3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-17523", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/15", "content": "CVE-2020-17523 Apache Shiro pathMatches authentication bypass vulnerability\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-17523_Apache_Shiro_pathMatches_%E8%BA%AB%E4%BB%BD%E8%AA%8D%E8%AD%89%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T06:42:55.000000Z"}, {"uuid": "959c5520-10f7-4c42-8d5b-f9304fef24f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-17523", "type": "seen", "source": "https://t.me/reconshell/695", "content": "CVE-2020-17523\n\nApache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.\n\nhttps://cve.reconshell.com/cve/CVE-2020-17523", "creation_timestamp": "2021-04-25T08:04:48.000000Z"}, {"uuid": "2ee14a09-acf0-4aea-9fff-b8be69ca526c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-17523", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2661", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 1-7)\nCVE-2020-1350 - Exploit SIGRed/Windows DNS Server RCE\nhttps://t.me/cybersecuritytechnologies/1422\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2020-7961 - Arbitrary code execution via JSONWS\nhttps://t.me/cybersecuritytechnologies/869\nCVE-2021-25646 - Apache Druid <=0.20.1 RCE\nhttps://t.me/cybersecuritytechnologies/2639\nCVE-2020-27932 - A type confusion in MacOS 10.15.7\nhttps://t.me/cybersecuritytechnologies/2383\nCVE-2019-9041 - ZzzCMS RCE\nhttps://mobile.twitter.com/i/web/status/1357931580098899970\nCVE-2021-22122 - XSS vulnerability in FortiWeb\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-22122\nCVE-2019-5127 - A cmd injection in YouPHPTube Encoder\nhttps://mobile.twitter.com/i/web/status/1357546718821142528\nCVE-2020-17523 - Apache Shiro pathMatches Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/2650", "creation_timestamp": "2024-05-22T06:15:17.000000Z"}, {"uuid": "bea49b55-210f-4aac-a6a6-3143550b4c0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-17523", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2650", "content": "#exploit\nCVE-2020-17523:\nApache Shiro pathMatches Authentication Bypass\n\ncondition: Shiro with Spring\n\n/admin/[space] \n/admin/%20\n\nPoC:\ncurl -v http://[Victim]/admin/%20/\nhttps://github.com/jweny/shiro-cve-2020-17523", "creation_timestamp": "2022-01-09T19:07:40.000000Z"}, {"uuid": "e412ae9b-2af1-4e32-bdb0-533d550a6dd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-17523", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/408", "content": "CVE-2020-17523 Apache Shiro authentication bypass analysis\n\n#InfoSec #CyberSecurity #Shiro #ApacheShiro #CVE-2020-17523 #Vulnerability\n#VulnerabilityAnalysis\n\nhttps://upurl.me/wj7w7", "creation_timestamp": "2021-02-05T17:20:22.000000Z"}]}