datenschrott
CODE WHITE GmbHWe have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange
To clarify: we did not discover these bugs - all credit goes to @_l0gg We diffed the patches, quickly built a working exploit internally (and identified another auth bypass afterwards)