POC详情: 0dce39a889c412627bc4a384acd7f69450d0d962

来源
https://github.com/Chocapikk/CVE-2023-35082
关联漏洞
标题: Ivanti EPMM 授权问题漏洞 (CVE-2023-35082)
描述:Ivanti EPMM是美国Ivanti公司的一个移动管理软件引擎。 Ivanti EPMM 11.10及之前版本存在安全漏洞,该漏洞源于存在身份验证绕过漏洞,允许未经授权的用户在未经正确身份验证的情况下访问应用程序的受限功能或资源。
描述
Remote Unauthenticated API Access Vulnerability in MobileIron Core 11.2 and older
介绍
# 🕵️ Vulnerability Scanner 🛡️

This Python script helps you scan websites for specific vulnerabilities and fetches information regarding authorized users.

## 📌 Features

- Scans URLs for known vulnerabilities (CVE-2023-35082, CVE-2023-35078).
- Retrieves and prints the first 10 email addresses, display names, last login IPs, and roles.
- Supports mass scanning through a file containing a list of URLs.
- Can output results to a file.

## 🔧 How to Use

1. Clone the repository or download the script.
2. Install the required dependencies:

   ```bash
   pip install -r requirements.txt
   ```

3. Run the script with the desired options:

   - Single URL:

     ```bash
     python exploit.py -u <URL> --verbose
     ```

   - Multiple URLs from a file:

     ```bash
     python exploit.py -f <file.txt> --verbose
     ```

   - Save output to a file:

     ```bash
     python exploit.py -u <URL> -o <output_file.txt>
     ```

## 🎓 Parameters

- `-u, --url`: Base URL for the request.
- `-f, --file`: File containing a list of URLs for mass scanning.
- `-o, --output`: Output file to save vulnerable URLs and first 5 emails.
- `--verbose`: Verbose mode (optional).

## 🛑 Disclaimer

Please use this script responsibly and only on websites that you have the proper authorization to scan. Unauthorized scanning may lead to legal issues.
文件快照

 [4.0K]  /data/pocs/0dce39a889c412627bc4a384acd7f69450d0d962
├── [5.6K]  exploit.py
├── [1.3K]  README.md
└── [  69]  requirements.txt

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。