CVE-2021-22893 PoC — Pulse Secure Pulse Connect Secure 资源管理错误漏洞

Source

https://github.com/ZephrFish/CVE-2021-22893_HoneyPoC2

Associated Vulnerability

Title:Pulse Secure Pulse Connect Secure 资源管理错误漏洞 (CVE-2021-22893)
Description:Pulse Secure Pulse Connect Secure（又名PCS，前称Juniper Junos Pulse）是美国Pulse Secure公司的一套SSL VPN解决方案。 Pulse Secure Pulse Connect Secure 存在资源管理错误漏洞，攻击者可利用该漏洞可以绕过身份验证过程，获得对应用程序的未授权访问。以下产品及版本受到影响：Pulse Connect Secure: 9.0R3, 9.0R3.1, 9.0R3.2, 9.0R3.4, 9.0R3.5, 9.0R

Description

DO NOT RUN THIS.

Readme

# CVE-2021-22893
THIS IS NOT A REAL EXPLOIT IT IS A HONEYPOC (https://blog.zsec.uk/cve-2020-1350-honeypoc/)
Proof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893. 
DO NOT RUN THIS.
## Usage
Achieves RCE on Pulse Secure VPNs

```
chmod +x exploit.sh

./exploit.sh 10.0.0.1
./exploit.sh -l <ListoFIPs>
./exploit.sh -l IPList.txt
```

File Snapshot


 [4.0K]  /data/pocs/47337924ea4269b8634c563d900cfd70b1f6d38f
├── [9.0K]  exploit.sh
├── [ 347]  README.md
└── [5.0K]  README.pdf

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!