关联漏洞
标题:
pfSense 跨站脚本漏洞
(CVE-2023-42326)
描述:pfSense是一套基于FreeBSD Linux的网络防火墙。 Netgate pfSense v.2.7.0版本存在跨站脚本漏洞,该漏洞源于允许远程攻击者通过精心设计的请求访问 interfaces_gif_edit.php 和interfaces_gre_edit.php 组件来执行任意代码。
描述
CVE-2023-42326 exploit
介绍
# pfSense <= 2.7.0 Command Injection Exploit (CVE-2023-42326)
This Python script is a Proof-of-Concept (PoC) exploit for the command injection vulnerability (CVE-2023-42326) in pfSense CE <= 2.7.0 and pfSense Plus <= 23.05.1. The vulnerability allows authenticated attackers to inject and execute arbitrary commands via the `interfaces_gif_edit.php` and `interfaces_gre_edit.php` components.
## Features
- Exploit mode selection (`gif` or `gre`) to choose the vulnerable components.
- Command injection capability to run arbitrary shell commands.
- Netcat reverse shell handling with automatic thread management.
- Debug mode for enhanced visibility of request data.
## Prerequisites
Before running the script, make sure you have:
- Python 3.x installed on your system.
- And run `pip install -r requirements.txt` to make sure the depndecies are satisfied.
- Add a .env file with required variables (explained down bellow) to the projects directory.
## Usage
### Basic Example (Command Injection)
This command executes the exploit and runs the command that you specified in the .env file:
```bash
python3 exploit.py
```
##### .env variables
- `username` --> Username for pfSense admin login
- `password` --> Password for pfSense admin login
- `target` --> Target pfSense IP (e.g., http://10.101.1.1)
- `mode` --> Exploit mode: gif or gre
- `command` --> Command to inject
- `debug` --> Enable debug mode to print response data (True or False)
- `insecure` --> Allow insecure server connections when using SSL (True or False)
### Example Output
When the exploit runs successfully, you should see output similar to this:
```bash
[2024-10-24 03:57:59] [SUCCESS] Target http://10.101.1.1 is reachable
[2024-10-24 03:57:59] [INFO] Fetching CSRF token from: http://10.101.1.1/
[2024-10-24 03:57:59] [SUCCESS] CSRF token extracted successfully
[2024-10-24 03:57:59] [INFO] Sending GIF exploit request to http://10.101.1.1/interfaces_gif_edit.php
[2024-10-24 03:57:59] [SUCCESS] GIF Exploit sent successfully
```
### Notes
- **Privilege Requirement**: You must have valid user credentials for the pfSense instance.
- **Target System**: This exploit is specific to pfSense CE <= 2.7.0 and pfSense Plus <= 23.05.1.
- **Reverse Shell**: Ensure your firewall settings allow incoming connections on the specified port when setting up a reverse shell.
### Debug Mode
If you want to see more details about the requests being sent, you can enable debug mode by adding `-d` to your command. This will print out response data and help you troubleshoot any issues.
### Troubleshooting
- Ensure the target system is reachable.
- Double-check the credentials being used for login.
- Use the `-d` flag for more detailed logging if needed.
### License
This project is licensed under the MIT License.
文件快照
[4.0K] /data/pocs/9c2a42c0fa0775476398d087b157c055401bfdf6
├── [5.8K] exploit.py
├── [1.0K] LICENSE
├── [2.7K] README.md
└── [ 42] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。