misc updates

patch-1
sandeep 2021-11-11 22:59:29 +05:30
parent d58d0d472f
commit 65ce478c0e
4 changed files with 11 additions and 10 deletions

View File

@ -8,11 +8,11 @@ info:
- https://www.exploit-db.com/exploits/43342
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
severity: critical
tags: cve,cve2017,rce,vpn,paloalto,globalprotect
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-15944
tags: cve,cve2017,rce,vpn,panos,globalprotect
requests:
- raw:
@ -24,9 +24,9 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "@start@Success@end@"
part: body
- type: status
status:

View File

@ -2,16 +2,16 @@ id: CVE-2018-10141
info:
name: GlobalProtect Login page XSS
severity: medium
author: dhiyaneshDk
description: GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-10141
tags: globalprotect,xss,cve,cve2018,vpn
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2018-10141
cwe-id: CWE-79
tags: cve,cve2018,panos,vpn,globalprotect,xss
requests:
- method: GET
@ -21,14 +21,14 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'var valueUser = "j";-alert(1)-"x";'
part: body
- type: word
part: header
words:
- "text/html"
part: header
- type: status
status:

View File

@ -6,7 +6,7 @@ info:
severity: high
description: Default Login of admin:admin on Palo Alto Networks PAN-OS application.
reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/integrate-the-firewall-into-your-management-network/perform-initial-configuration.html#:~:text=By%20default%2C%20the%20firewall%20has,with%20other%20firewall%20configuration%20tasks.
tags: paloalto,panos,default-login
tags: panos,default-login
requests:
- raw:
@ -17,19 +17,19 @@ requests:
user={{username}}&passwd={{password}}&challengePwd=&ok=Login
attack: pitchfork
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and
matchers:
- type: word
part: header
words:
- "Set-Cookie: PHPSESSID"
part: header
- type: word
words:

View File

@ -4,7 +4,7 @@ info:
name: PaloAlto Networks GlobalProtect Panel
author: organiccrap
severity: info
tags: panel
tags: panel,panos
requests:
- method: GET
@ -12,6 +12,7 @@ requests:
- "{{BaseURL}}/global-protect/login.esp"
- "{{BaseURL}}/sslmgr"
stop-at-first-match: true
matchers:
- type: word
words: