CVE-2026-1731
CRITICAL KEV RANSOMWARE NUCLEI
BeyondTrust Privileged Remote Access < 25.1 and Remote Support < 25.3.2 - Unauthenticated Remote Code Execution
Title source: llm
Exploitation Summary
CVE-2026-1731 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 13, 2026, with confirmed use in ransomware campaigns.
EIP tracks 13 public exploits from researchers including win3zz, XiaomingX, and bytehazard, among them a Metasploit module, exploits/linux/http/beyondtrust_pra_rs_command_injection.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This repository contains a functional PoC for CVE-2026-1731, a pre-authentication RCE vulnerability in BeyondTrust Remote Support/PRA. The exploit leverages command injection via WebSocket handshake manipulation, targeting the `thin-scc-wrapper` script's arithmetic comparison logic.
Description
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Exploits (13)
This repository contains a functional PoC for CVE-2026-1731, a pre-authentication RCE vulnerability in BeyondTrust Remote Support/PRA. The exploit leverages command injection via WebSocket handshake manipulation, targeting the `thin-scc-wrapper` script's arithmetic comparison logic.
The repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The exploit includes data extraction logic for WordPress admin credentials and hashes.
The repository describes a high-severity unauthenticated RCE vulnerability (CVE-2026-1731) affecting RS <=25.3.1 and PRA <=24.3.4 via OS command injection in HTTP POST requests to the /appliance endpoint. The README provides an overview but lacks actual exploit code or technical details.
This repository contains a functional Rust-based exploit for CVE-2026-1731, a blind RCE vulnerability affecting Privileged Remote Access and Remote Support software. The exploit establishes a WebSocket connection, sends a crafted payload to execute arbitrary commands, and handles both HTTP and HTTPS targets.
This repository contains a passive vulnerability scanner for CVE-2026-1731, a critical pre-authentication RCE vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The scanner uses multiple HTTP-based fingerprinting techniques to detect vulnerable instances without sending exploit payloads.
This repository contains a functional Rust-based PoC for CVE-2026-1731, a blind RCE vulnerability affecting Privileged Remote Access (<=24.3.4) and Remote Support (<=25.3.1). The exploit sends crafted requests to vulnerable endpoints and executes arbitrary commands without returning output.
The repository contains a Python-based scanner for detecting potential exposure to CVE-2026-1731, a critical pre-authentication RCE vulnerability in BeyondTrust Remote Support and Privileged Remote Access. It checks for accessible endpoints but does not include exploit code for command execution.
This repository contains a functional Rust-based PoC for CVE-2026-1731, a blind RCE vulnerability in Privileged Remote Access and Remote Support software. The exploit establishes a WebSocket connection and sends a crafted payload to execute arbitrary commands.
This repository contains a functional Python-based PoC for CVE-2026-1731, a pre-authentication RCE vulnerability in BeyondTrust Remote Support systems. The exploit automates discovery of Organization IDs and leverages WebSocket injection via websocat to execute commands.
This repository contains a functional exploit for CVE-2026-1731, a pre-authentication command injection vulnerability in BeyondTrust Remote Support and Privileged Remote Access. The exploit leverages Bash arithmetic evaluation on attacker-controlled input in the 'thin-scc-wrapper' script to achieve remote code execution.
This repository contains a Python-based scanner for detecting exposed BeyondTrust Remote Support / Privileged Remote Access services potentially vulnerable to CVE-2026-1731. It performs passive fingerprinting and service detection without exploiting the vulnerability.
The repository claims to provide an exploit for CVE-2026-1731 but lacks actual exploit code, instead directing users to an external download link. The README contains vague marketing language and no technical details about the vulnerability.
This Metasploit module exploits CVE-2026-1731, an unauthenticated remote code execution vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) via command injection in a WebSocket connection. It leverages a Bash arithmetic evaluation flaw to execute arbitrary commands.
Nuclei Templates (1)
http.html:"BeyondTrust"
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H