POC详情: 5c45c09218f6f97afcf66381dae17b9bfce4cd1c

来源
https://github.com/0dteam/CVE-2024-22024
关联漏洞
标题: Ivanti Connect Secure和Ivanti Policy Secure 代码问题漏洞 (CVE-2024-22024)
描述:Ivanti Connect Secure和Ivanti Policy Secure都是美国Ivanti公司的产品。Ivanti Connect Secure是安全远程网络连接工具。Ivanti Policy Secure是一个网络访问控制 (NAC) 解决方案。 Ivanti Connect Secure和Ivanti Policy Secure存在代码问题漏洞,该漏洞源于存在XML外部实体注入漏洞,允许攻击者在不知情的情况下访问某些受限资源。
描述
Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure
介绍
# CVE-2024-22024
Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure

> [!WARNING]
> FOR EDUCATIONAL PURPOSE AND AUTHORIZED TESTING ONLY.

### Parameters
- `-u` or `--target_url`: The target Ivanti Connect Secure (ICS) URL or file with list of URLs.

- `-c` or `--attacker_url`: The attacker URL (generate one using Burp Collaborator, ngrok, or by using a unique URL from [Webhook.site](https://webhook.site))

- `-t` or `--timeout`: Timeout in seconds for the request (default is 3 seconds)


### How to use
Testing a single URL:

`python .\cve_2024_22024.py -u http://vpn.example.com -c http://potatodynamicdns.oastify.com`

Testing list of URLs:

`python .\cve_2024_22024.py -u .\urls_list.txt -c http://potatodynamicdns.oastify.com`

Using a different timeout (5 seconds):

`python .\cve_2024_22024.py -u .\urls_list.txt -c http://potatodynamicdns.oastify.com -t 5`

# Credits
Whoever discovered the vulnerability .. I just read the PoC and automated this.

[0dteam website](https://www.0d.ae)
文件快照

 [4.0K]  /data/pocs/5c45c09218f6f97afcf66381dae17b9bfce4cd1c
├── [2.4K]  cve_2024_22024.py
└── [1010]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。