CVE-2021-42392


A vulnerability was found in H2 Database (the affected version is unknown) and has been declared critical. It affects the function org.h2.util.JdbcUtils.getConnection: manipulation with an unknown input leads to deserialization of untrusted data. The CWE definition for the vulnerability is CWE-502, meaning the product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. The known impact is on confidentiality, integrity, and availability.

Exploit


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/jacko]
└─$ searchsploit h2 1.4.199
----------------------------------------- ---------------------------------
 Exploit Title                           |  Path
----------------------------------------- ---------------------------------
H2 Database 1.4.199 - JNI Code Execution | java/local/49384.txt
----------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results

Exploit found locally