关联漏洞
标题:MoveIT SQL注入漏洞 (CVE-2023-34362)Description:MoveIT是MoveIT公司的一款针对机械臂移动操作的最先进的软件。 MoveIT 存在安全漏洞,该漏洞源于存在SQL注入漏洞。攻击者可利用该漏洞访问数据库并执行更改或删除操作。受影响的产品和版本: Progress MOVEit Transfer 2021.0.6 (13.0.6)之前版本,2021.1.4 (13.1.4)版本, 2022.0.4 (14.0.4)版本, 2022.1.5 (14.1.5)版本, 2023.0.1 (15.0.1)版本。
Description
MOVEit CVE-2023-34362
介绍
# CVE-2023-34362
POC for CVE-2023-34362 affecting MOVEit Transfer
## Technical Analysis
A technical root cause analysis of the vulnerability can be found on our blog:
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
## Summary
This POC abuses an SQL injection to obtain a sysadmin API access token and then use that access to abuse a deserialization call to obtain remote code execution.
This POC needs to reach out to an Identity Provider endpoint which hosts proper RS256 certificates used to forge arbitrary user tokens - by default this POC uses our IDP endpoint hosted in AWS.
By default, the exploit will write a file to C:\Windows\Temp\message.txt. Alternative payloads can be generated by using the ysoserial.net project.
## Usage
```plaintext
python CVE-2023-34362.py https://127.0.0.1
[*] Getting sysadmin access token
[*] Got access token
[*] Getting FolderID
[*] Got FolderID: 963611079
[*] Starting file upload
[*] Got FileID: 965943963
[*] Injecting the payload
[*] Payload injected
[*] Triggering payload via resume call
[+] Triggered the payload!
[*] Deleting uploaded file
```
## Mitigations
Update to the latest version or mitigate by following the instructions within the Progress Advisory
* https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
## Follow the Horizon3.ai Attack Team on Twitter for the latest security research:
* [Horizon3 Attack Team](https://twitter.com/Horizon3Attack)
* [James Horseman](https://twitter.com/JamesHorseman2)
* [Zach Hanley](https://twitter.com/hacks_zach)
## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
文件快照
[4.0K] /data/pocs/2d93f9bf5bdbcd9c6eaad4ceb6fccd8fe2624e6d
├── [1.9K] cert.crt
├── [ 14K] CVE-2023-34362.py
├── [3.2K] key.pem
├── [ 800] key.pub
├── [3.2K] provider_file.txt
└── [1.9K] README.md
0 directories, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。