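PoC details: 8e036003532e8cdcd32edd3983de8a320993ed98

Source
Related vulnerability
Title: Palo Alto Networks PAN-OS security vulnerability (CVE-2024-0012)
Description: Palo Alto Networks PAN-OS is an operating system developed by the US company Palo Alto Networks for its firewall appliances. PAN-OS contains a security vulnerability that stems from an authentication bypass issue, allowing an attacker to obtain PAN-OS administrator privileges in order to perform administrative actions, tamper with configuration, and so on.
Description
PANW NGFW CVE-2024-0012
Introduction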
# Palo Alto PAN-OS CVE-2024-0012 Vulnerability Checker

This Python script checks for the presence of a critical authentication bypass vulnerability in Palo Alto Networks PAN-OS Management Web Interface, identified as **CVE-2024-0012**. The vulnerability enables an unauthenticated attacker to gain administrative privileges, tamper with configuration, or exploit other privilege escalation vulnerabilities.

## Features
- **Automated Vulnerability Check**: Sends HTTP GET requests to the target and evaluates conditions based on response status, headers, and content.
- **Interactive or Command-Line Arguments**:
  - Specify a single target with `-t` or a file of targets with `-f`.
  - If no arguments are provided, the script switches to interactive mode, prompting the user for input.
- **Summary and Detailed Output**:
  - Summarizes results for all targets.
  - Optionally displays detailed results for vulnerable targets with the `-d` argument or via user prompt in interactive mode.
- **Prettified Output**: Uses the `rich` library to display results in a clean, human-readable format.
- **Error Handling**: Gracefully handles network errors and SSL verification issues.

## Requirements
- Python 3.7 or newer
- `requests` library for HTTP requests
- `rich` library for styled output

### Installation
1. Clone the repository or download the script.
2. Install required dependencies:
   ```bash
   pip install -r requirements.txt
   ```

## Usage
### Basic Usage
To check a single target interactively:
```bash
python main.py
```

### Command-Line Arguments
#### Single Target
Specify a single FQDN or IP:
```bash
python main.py -t 127.0.0.1
```

#### Multiple Targets from a File
Provide a file containing a list of targets (one per line):
```bash
python main.py -f targets.txt
```

#### Print Detailed Results
Use the `-d` or `--details` flag to automatically print detailed results for all vulnerable targets:
```bash
python main.py -t 127.0.0.1 -d
```

### Output
#### Vulnerable Target
```plaintext
[!] Target -appears- vulnerable!

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Key                         ┃ Value                                                    ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
┃ URL                         ┃ https://127.0.0.1/php/utils/CmsGetDeviceSoftwareVersio…  ┃
┃ Status Code                 ┃ 200                                                      ┃
┃ Headers                     ┃ {"Date": "Wed, 20 Nov 2024 15:29:31 GMT", ...            ┃
┃ Body Contains '0.0.0'       ┃ Yes                                                      ┃
└─────────────────────────────┴──────────────────────────────────────────────────────────┘
```

#### Non-Vulnerable Target
```plaintext
[+] Target does not appear to be vulnerable.
Message: No matching conditions met.
```

#### Summary Table
At the end of the scan, a summary table lists all targets and their statuses:
```plaintext
┏━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┓
┃ Target                ┃ Status          ┃
┡━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━┩
┃ 127.0.0.1             ┃ Vulnerable      ┃
┃ example.com           ┃ Not Vulnerable  ┃
└───────────────────────┴─────────────────┘
```

#### Errors
```plaintext
[bold red]Error:[/bold red] HTTPSConnectionPool(host='127.0.0.1', port=443): Max retries exceeded with URL: /php/utils/CmsGetDeviceSoftwareVersion.php/.js.map (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x...>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))
```
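
For defenders, the checker's request is recognisable in web access logs. The following is an added example, not part of the original script or repository: it scans access-log lines for the request path shown in the error output above and, as a generalisation, for any `.php/` path whose trailing path info ends in `.js.map`. The Combined Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request path taken from the checker's error output on this page.
PROBE_PATH = "/php/utils/CmsGetDeviceSoftwareVersion.php/.js.map"
# Generalisation (assumption): a PHP script followed by path info ending in ".js.map".
PROBE_SHAPE = re.compile(r"\.php/.*\.js\.map$", re.IGNORECASE)
# Combined Log Format; the log layout is an assumption, adjust to your source.
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return a finding dict for a probe-like request, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    # Drop the query string, then decode twice so %2e / %252e variants match.
    path = unquote(unquote(urlsplit(m["target"]).path))
    if path == PROBE_PATH:
        kind = "exact"
    elif PROBE_SHAPE.search(path):
        kind = "shape"
    else:
        return None
    return {
        "src": m["src"], "time": m["ts"], "path": path, "match": kind,
        "status": int(m["status"]),
        # A 200 means the endpoint answered the request: review these first.
        "answered": m["status"] == "200",
    }

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.23 - - [20/Nov/2024:15:29:31 +0000] "GET /php/utils/CmsGetDeviceSoftwareVersion.php/.js.map HTTP/1.1" 200 512 "-" "python-requests/2.32.3"',
    '203.0.113.9 - - [20/Nov/2024:15:30:02 +0000] "GET /index.php HTTP/1.1" 200 4210 "-" "Mozilla/5.0"',
    '198.51.100.77 - - [20/Nov/2024:15:31:10 +0000] "GET /php/utils/CmsGetDeviceSoftwareVersion.php/%2Ejs.map HTTP/1.1" 302 0 "-" "curl/8.5.0"',
    '203.0.113.9 - - [20/Nov/2024:15:32:44 +0000] "GET /js/app.js.map HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```
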

## Notes
- **Interactive Prompt**: If no `--target` or `--file` argument is provided, the script prompts for interactive input.
- **SSL Warnings**: The script disables SSL warnings for self-signed certificates. Use cautiously in secure environments.
- **Limitations**: This tool is designed for educational and authorized security assessments only. Unauthorized use against systems you do not own or manage may violate laws or policies.

## License
This script is released under the MIT License. See `LICENSE` file for details.

## Disclaimer
This script is provided "as-is" without warranty of any kind. Use at your own risk. The author is not responsible for any damage caused by the use of this tool.

## Acknowledgments
This script was inspired by the brilliant work of the watchTowr team, whose original Nuclei YAML template for CVE-2024-0012 served as the foundation for this Python implementation. Their dedication to identifying and addressing critical security vulnerabilities continues to set a high standard in the cybersecurity community.
File snapshot

```plaintext
[4.0K]  /data/pocs/8e036003532e8cdcd32edd3983de8a320993ed98
├── [1.0K]  LICENSE
├── [5.7K]  main.py
├── [5.4K]  README.md
└── [  45]  requirements.txt

0 directories, 4 files
```