关联漏洞
描述
Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
介绍
# CVE-2019-11510
Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
You can use a single domain, either a list of domains. You must include https:// in front of the domain.
Usage : cat targetlist.txt | bash CVE-2019-11510.sh / bash CVE-2019-11510.sh -d https://vpn.target.com/
If you want to just verify the exploit and download /etc/passwd then use :
cat targetlist.txt | bash CVE-2019-11510.sh --only-etc-passwd
bash CVE-2019-11510.sh -d https://vpn.target.com/ --only-etc-passwd
Output will be saved inside output/vpn.target.com/
Demo :

Reference/Credits
---
https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
https://www.blackhat.com/us-19/briefings/schedule/index.html#infiltrating-corporate-intranet-like-nsa---pre-auth-rce-on-leading-ssl-vpns-15545
https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
文件快照
[4.0K] /data/pocs/0cb19049864197e4b89f1f673cafbf5c8bf5b32f
├── [ 80K] CVE-2019-11510.PNG
├── [5.0K] CVE-2019-11510.sh
└── [1.1K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。