Skip to content

pfBlockerNG <= 2.1.4_26 Unauth RCE (CVE-2022-31814)

Notifications You must be signed in to change notification settings

dkstar11q/CVE-2022-31814

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 

Repository files navigation

pfBlockerNG <= 2.1.4_26 Unauth RCE

This script is a proof-of-concept exploit for pfBlockerNG <= 2.1.4_26 that allows for remote code execution. It takes a single target URL or a list of URLs, uploads a shell, executes a command, and then deletes the shell.

Requirements

This script requires Python 3.x and the requests and concurrent.futures modules to be installed. You can install these modules by running:

pip3 install requests concurrent.futures

or

pip3 install -r requirements.txt

Usage

usage: exploit.py [-h] [-c COMMAND] [-l LIST] [-i IP] [-t THREADS] [-o OUTPUT]

pfBlockerNG <= 2.1.4_26 Unauth RCE

options:
  -h, --help            show this help message and exit
  -c COMMAND, --command COMMAND
                        Console Command ('id')
  -l LIST, --list LIST  List of targets (list.txt)
  -i IP, --ip IP        Base target uri (ex. http://target-uri/)
  -t THREADS, --threads THREADS
                        Number of threads for mass scan
  -o OUTPUT, --output OUTPUT
                        Output file (vuln.txt)

Single Target

To exploit a single target, use the -i or --ip flag and specify the base URL or IP Address:

python3 exploit.py -i http://target-uri/ -c 'id'

Multiple Targets

To scan a list of targets, use the -l or --list flag and specify the path to the list:

python3 exploit.py -l list.txt -c 'id' -t 50

The -t or --threads flag can be used to specify the number of threads to use for the scan.

Output

If the -o or --output flag is specified, the list of vulnerable targets will be written to a file:

python3 exploit.py -l list.txt -c 'id' -o vuln.txt

Shodan Dork:

http.title:"pfSense - Login" "Server: nginx" "Set-Cookie: PHPSESSID="

⚠️ Disclaimer

This script is for educational purposes only. Use at your own risk.

About

pfBlockerNG <= 2.1.4_26 Unauth RCE (CVE-2022-31814)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages