CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC
by miyako - Friday February 6, 2026 at 06:13 PM
#1



A comprehensive security testing tool for detecting and exploiting the authentication bypass vulnerability (CVE-2025-40554 / CVE-2025-40536) in SolarWinds Web Help Desk.

CVE-2025-40554 is a critical authentication bypass vulnerability in SolarWinds Web Help Desk that allows unauthenticated attackers to:
  • Bypass authentication mechanisms
  • Access privileged administrative functions (Authentication)
  • Enumerate system configuration

Exploitation Flow:
  1. Session Establishment
    • Connects to WHD instance
    • Extracts WOSID (WebObjects Session ID) from multiple sources
    • Captures XSRF token if present
  2. Authentication Bypass
    • Crafts malicious URL with WOSID injection
    • Exploits path traversal in WebObjects routing
    • Bypasses authentication checks
  3. Credential Testing (optional)
    • Parses login form with CSRF protection
    • Tests default credentials (client/client)
    • Validates successful authentication
  4. Full Exploitation (--exploit mode)
    • Exports session cookies
    • Access email, tickets, database, users (removed)
The tool detects successful bypass by checking for:
  • externalAuthContainer
    - External auth configuration
  • JSONRpcClient
    - API client exposure
  • SAML 2.0
    - SSO configuration
  • LoginPref
    - Login preference settings
  • authMode
    - Authentication mode settings
#2
you greedy fuck, taking 8 credits :c

I would have paid it, but after casino came in we are in the trenches
#3
(Feb 06, 2026, 06:17 PM)antisocial Wrote: you greedy fuck, taking 8 credits :c

I would have paid it, but after casino came in we are in the trenches

To beat the recession you must cause your own recession
#4
damn u made me pay 8 credits for public github script? you are a real jew and i like it, keep it up