Skip to content

Proof of concept script to check if the site is vulnerable to CVE-2023-35078

License

Notifications You must be signed in to change notification settings

lager1/CVE-2023-35078

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

CVE-2023-35078

shodan dorks

You can use the following shodan dorks to find public targets.

  • http.favicon.hash:362091310
  • http.favicon.hash:545827989
  • path=/mifs

You can use the following to transform data from shodan API to format suitable for the checking script:

jq -cr 'select(.http.favicon.hash == 362091310) | [ if .ssl? then "https://" else "http://" end , (.ip_str) + ":" + (.port|tostring)] | add' example.json > your_data_file.txt

usage

  • clone the repository
  • ./CVE-2023-35078.sh http[s]://your.target:port (define both protocol and target port)

If you want to test multiple targets, you can simply wrap it up with a loop: while read line; do ./CVE-2023-35078.sh $line; done < your_data_file.txt

additional info about the vuln

details about vulnerable/patched versions

This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk.

you can fix the vulnerability by upgrading to EPMM versions 11.8.1.1, 11.9.1.1, and 11.10.0.2. These fixed versions also cover unsupported and End-of-Life (EoL) software versions that are lower than 11.8.1.0.

About

Proof of concept script to check if the site is vulnerable to CVE-2023-35078

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages