NoorahSmith/godkiller-oauth2

Vulnerabilities you my miss during a penetration testing.

godkiller

A repository containing zero-day vulnerabilities and proof-of-concepts (PoCs) of undisclosed CVEs discovered during penetration testing or my security research

This repository is constantly updating

PoCs:

• CVE-2022-1970: Keycloak Oauth2 Account Takeover via Open Redirect: https://github.com/j4k0m/godkiller/tree/main/CVE-2022-1970_account_takeover_poc
• CVE-2020-11431: i-net Clear Reports 16.0 to 19.2 Local file read: https://github.com/j4k0m/godkiller/tree/main/CVE-2020-11431_arbitrary_file_read_poc
• CVE-2023-30019: Error-Based SSRF in imgproxy: https://github.com/j4k0m/godkiller/tree/main/CVE-2023-30019_ssrf_imgproxy
• I-net Clear Reports XSS: https://github.com/j4k0m/godkiller/tree/main/i-net_clear_reports_xss
• CVE-2020-27838: Keycloak Unauthorized retrieval of client secret: https://github.com/j4k0m/godkiller/tree/main/CVE-2020-27838_poc
• Open Redirect in keycloak in /logout endpoint: https://github.com/j4k0m/godkiller/tree/main/keycloak_openredirect_logout
• ArcGis Blind-SSRF: https://github.com/j4k0m/godkiller/tree/main/arcgis_blind_ssrf

Contact:

My discord for collaborations or questions: .jakom