writeups.xyz / Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899 & CVE-2023-36560)

Submitter : c2a

Date: 8 August 2023

Bounty : undisclosed

Vulnerabilities :

• Authentication Bypass
• Privilege Escalation

Programs :

• Undisclosed

Authors :

• Soroush Dalili (@Irsdl)

Link :
https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/