add : pfSense_Arbitrary_File_Write_to_RCE

2025-05-05 10:16:59 +00:00 · 2022-06-24 12:02:40 +08:00 · 2022-06-24 12:02:40 +08:00 · d03317d855
commit d03317d855
parent 75e7b8df85
2 changed files with 10 additions and 0 deletions
--- a/pfsense/README.md
+++ b/pfsense/README.md
@ -0,0 +1,10 @@
+
+# pfSense Arbitrary File Write to RCE
+
+diag_routes.php in pfSense 2.5.2 allows sed data injection. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility.
+
+FOFA **query rule**: [app="pfSense"](https://fofa.info/result?qbase64=YXBwPSJwZlNlbnNlIg%3D%3D)
+
+# Demo
+
+![pfSense_Arbitrary_File_Write_to_RCE](pfSense_Arbitrary_File_Write_to_RCE.gif)
--- a/pfsense/pfSense_Arbitrary_File_Write_to_RCE.gif
+++ b/pfsense/pfSense_Arbitrary_File_Write_to_RCE.gif