CVE-2023-35708 PoC — Progress Software MOVEit Transfer SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-35708.yaml

Associated Vulnerability

Title:Progress Software MOVEit Transfer SQL注入漏洞 (CVE-2023-35708)
Description:Progress Software MOVEit Transfer是美国Progress Software公司的一套文件传输软件。 Progress Software MOVEit Transfer 2021.0.8（13.0.8）、2021.1.6（13.1.6）、2022.0.6（14.0.6）、2022.1.7（14.1.7）、2023.0.3（15.0.3）之前版本存在安全漏洞，该漏洞源于Web 应用程序中发现了一个 SQL 注入，允许未经身份验证的攻击者获得对 MOVEit Transfer 数

Description

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).

File Snapshot


 id: CVE-2023-35708

info:
  name: MOVEit Transfer - SQL Injection
  author: daffainfo,jjcho
  severi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!