POC详情: 906bcaea57d7ac02961e584cbc6bd6436412f28e

来源
https://github.com/Inplex-sys/CVE-2022-31814
关联漏洞
标题: pfSense 操作系统命令注入漏洞 (CVE-2022-31814)
描述:pfSense是一套基于FreeBSD Linux的网络防火墙。 pfSense pfBlockerNG 2.1.4_26 版本之前存在安全漏洞。远程攻击者通过 HTTP 主机标头中的 shell 元字符以 root 身份可以执行任意操作系统命令。
描述
Proof of concept for CVE-2022-31814
介绍
[Download](https://raw.githubusercontent.com/Inplex-sys/CVE-2022-31814/refs/heads/main/pfsense.py)

# CVE-2022-31814

This script exploits a vulnerability in pfSense to upload a shell, execute a command, and then delete the shell.

## Requirements

- Python 3.x
- `requests` library

## Installation

1. Clone the repository or download the script.
2. Install the required Python libraries:
    ```sh
    pip install requests
    ```

## Usage

```sh
python pfsense.py -f <file_with_urls> -c <command_to_execute>
```

- `-f`, `--file`: Path to a file containing a list of URLs (one per line).
- `-c`, `--command`: Command to execute on the target.

## Example

```sh
python pfsense.py -f targets.txt -c "id"
```

## Script Details

The script performs the following steps:

1. **Check Endpoint**: Verifies if `pfBlockerNG` is installed on the target.
2. **Upload Shell**: Uploads a PHP shell to the target.
3. **Interactive Shell**: Executes the provided command on the target.
4. **Delete Shell**: Deletes the uploaded shell from the target.

## Disclaimer

This script is intended for educational purposes only. Use it at your own risk. The author is not responsible for any misuse or damage caused by this script.
文件快照

 [4.0K]  /data/pocs/906bcaea57d7ac02961e584cbc6bd6436412f28e
├── [2.8K]  pfsense.py
└── [1.2K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。