Cve-2024-28269

From Discovery to Disclosure: ReCrystallize Server Vulnerabilities

22 March 2024 ~8 min By Paul van der Haas

Exploit Vulnerability Webapps Cve-2024-26331 Cve-2024-28269 Web Application

TL&DR – While on an assessment, I found an instance of ReCrystallize Server. It had many problems, some of which had to do with insufficient hardening on the client’s side while others were new vulnerabilities I found that when chained together, achieve Remote Code Execution (RCE). These vulnerabilities were disclosed to ReCrystallize Software and MITRE. Besides the disclosed vulnerabilities, some “features” were also used for malicious purposes. The replication and validation of the findings were done on my own test environment.

Exploit
Vulnerability
Webapps
Cve-2024-26331
Cve-2024-28269
Web Application

Page 1 of 1