POC详情: 17e65be0940ff8255882e56de68a676085a6cc37

来源
https://github.com/horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities
关联漏洞
标题: Ivanti EPM 安全漏洞 (CVE-2024-13159)
描述:Ivanti EPM是美国Ivanti公司的一个一站式管理用户配置文件和所有客户端设备的软件。 Ivanti EPM存在安全漏洞,该漏洞源于包含一个绝对路径遍历,允许远程未经身份验证的攻击者利用该漏洞泄露敏感信息。
描述
Proof of concept exploit for Ivanti EPM CVE-2024-13159 and others
介绍
# Ivanti EPM Coercion Vulnerabilities
Proof of concept exploits for Ivanti EPM CVE-2024-13159 and others which allows for unauthenticated coercion of the Ivanti EPM machine credential for use in relay attacks.

## Blog Post
Deep-dive analysis here:
[https://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/](https://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/)

## Usage
```
% python3 CVE-2024-13159.py -h
usage: CVE-2024-13159.py [-h] -u URL -t TARGET

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     The base URL of the target
  -t TARGET, --target TARGET
                        The target IP to reach out to
```

## Follow the Horizon3.ai Attack Team on Twitter for the latest security research:
*  [Horizon3 Attack Team](https://twitter.com/Horizon3Attack)
*  [James Horseman](https://twitter.com/JamesHorseman2)
*  [Zach Hanley](https://twitter.com/hacks_zach)

## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
文件快照

 [4.0K]  /data/pocs/17e65be0940ff8255882e56de68a676085a6cc37
├── [1.4K]  CVE-2024-13159.py
└── [1.3K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。