{"vulnerability": "cve-2022-23779", "sightings": [{"uuid": "db389376-7b60-4f21-89c6-3bc3e36d1db7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23779", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/952", "content": "CVE-2022-23779\n\u0412\u043e\u0442 \u0441\u0435\u0439\u0447\u0430\u0441 \u0441\u043c\u0435\u0448\u043d\u043e \u0431\u0443\u0434\u0435\u0442\nZoho Internal Hostname Disclosure Vulnerability\nStep 1: curl -ILk https://IP:port/themes\nStep 2: Read the HTTP redirect response and anaylze the Location HTTP response header.\n*\nBONUS #Shodan : title:\"ManageEngine Desktop Central 10\"\ngithub\n#zoho  #funnyExploit", "creation_timestamp": "2022-09-06T17:34:37.000000Z"}, {"uuid": "8ba55c88-a099-4baf-8cd6-f71681343b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23779", "type": "seen", "source": "https://t.me/cibsecurity/38305", "content": "\u203c CVE-2022-23779 \u203c\n\nZoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-02T18:25:11.000000Z"}, {"uuid": "fefe22ea-ccb5-4f0e-96b9-3b2cff27221d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23779", "type": "published-proof-of-concept", "source": "Telegram/tYT7tTTfhGxqZ9lCl1roOH_fSnqZvveWSp3QRbA5RMgY4O0", "content": "", "creation_timestamp": "2022-09-12T18:40:13.000000Z"}, {"uuid": "e7a3f07f-0f0d-41d5-ad72-198d3bcfa252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23779", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6670", "content": "#exploit\n1. CVE-2022-23779:\nInternal Hostname Disclosure Vulnerability\nhttps://github.com/Vulnmachines/Zoho_CVE-2022-23779\n\n2. CVE-2022-37153:\nXSS vulnerability in Artica Proxy 4.30.0\nhttps://github.com/Fjowel/CVE-2022-37153\n\n3. CVE-2022-1802 + CVE-2022-1529 + CVE-2022-2200:\nMozilla Firefox RCE + SBX full chain complete\nhttps://github.com/mistymntncop/CVE-2022-1802", "creation_timestamp": "2022-08-25T15:01:03.000000Z"}, {"uuid": "608de869-276a-4c25-84b2-2b6f1b7e00f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23779", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1592", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-23779: Internal Hostname Disclosure Vulnerability\nURL\uff1ahttps://github.com/fbusr/CVE-2022-23779", "creation_timestamp": "2022-03-05T21:06:23.000000Z"}, {"uuid": "d4a77e21-8233-403c-af0c-ca966b689590", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23779", "type": "published-proof-of-concept", "source": "Telegram/kEi9aG3in_m6wEBgriTJElzfBktIEkXFyp3h_KxyuN5JDe4", "content": "", "creation_timestamp": "2026-01-10T09:00:04.000000Z"}]}