CVE-2023-34362 PoC — MoveIT SQL注入漏洞

Source

https://github.com/toorandom/moveit-payload-decrypt-CVE-2023-34362

Associated Vulnerability

Title:MoveIT SQL注入漏洞 (CVE-2023-34362)
Description:MoveIT是MoveIT公司的一款针对机械臂移动操作的最先进的软件。 MoveIT 存在安全漏洞，该漏洞源于存在SQL注入漏洞。攻击者可利用该漏洞访问数据库并执行更改或删除操作。受影响的产品和版本： Progress MOVEit Transfer 2021.0.6 (13.0.6)之前版本，2021.1.4 (13.1.4)版本, 2022.0.4 (14.0.4)版本, 2022.1.5 (14.1.5)版本, 2023.0.1 (15.0.1)版本。

Description

This shellscript given the OrgKey 0 will parse the header of the base64 artifacts found in MOVEit Logs and decrypt the Serialized object used a payload

Readme

# moveit-payload-decrypt-CVE-2023-34362
This shellscript given the OrgKey 0 will parse the header of the base64 artifacts found in MOVEit Logs and decrypt the Serialized object used a payload

File Snapshot


 [4.0K]  /data/pocs/4dc27b82e7074e3d02084a45947ccb71a6a690c4
├── [1.1K]  LICENSE
├── [3.7K]  moveit_payload_decrypt.sh
└── [ 192]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!