CVE-2013-5664 PoC: Palo Alto Networks PAN-OS Web-Based Device Management API Browser Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
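Title: Palo Alto Networks PAN-OS Web-Based Device Management API Browser Cross-Site Scripting Vulnerability (CVE-2013-5664)
Description: Palo Alto Networks PAN-OS is an operating system developed by the US company Palo Alto Networks for its firewall appliances. A cross-site scripting vulnerability exists in the web-based device management API browser in Palo Alto Networks PAN-OS 4.1.12 and earlier and 5.0.5 and earlier. A remote attacker can exploit this vulnerability with specially crafted data to inject arbitrary web script or HTML.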
Description
Demo app showing how the Rails CVE-2013-5664 vulnerability works.
Readme
# Rails CVE-2012-5664 vulnerability demo

This demonstration application shows how the Rails CVE-2013-5664 vulnerability works. More information: http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts
File Snapshot

[4.0K] /data/pocs/6ba7f306b10cf5aff22c5e267caf9c6b9435bf9d
├── [4.0K] app
│   ├── [4.0K] assets
│   │   ├── [4.0K] images
│   │   │   └── [6.5K] rails.png
│   │   ├── [4.0K] javascripts
│   │   │   ├── [ 641] application.js
│   │   │   └── [ 229] posts.js.coffee
│   │   └── [4.0K] stylesheets
│   │       ├── [ 546] application.css
│   │       └── [ 176] posts.css.scss
│   ├── [4.0K] controllers
│   │   ├── [ 80] application_controller.rb
│   │   └── [ 134] posts_controller.rb
│   ├── [4.0K] helpers
│   │   ├── [ 29] application_helper.rb
│   │   └── [ 23] posts_helper.rb
│   ├── [4.0K] mailers
│   ├── [4.0K] models
│   │   └── [ 60] post.rb
│   └── [4.0K] views
│       └── [4.0K] layouts
│           └── [ 247] application.html.erb
├── [4.0K] config
│   ├── [2.8K] application.rb
│   ├── [ 191] boot.rb
│   ├── [ 576] database.yml
│   ├── [ 164] environment.rb
│   ├── [4.0K] environments
│   │   ├── [1.4K] development.rb
│   │   ├── [2.4K] production.rb
│   │   └── [1.5K] test.rb
│   ├── [4.0K] initializers
│   │   ├── [ 404] backtrace_silencers.rb
│   │   ├── [ 533] inflections.rb
│   │   ├── [ 205] mime_types.rb
│   │   ├── [ 511] secret_token.rb
│   │   ├── [ 456] session_store.rb
│   │   └── [ 465] wrap_parameters.rb
│   ├── [4.0K] locales
│   │   └── [ 214] en.yml
│   └── [1.8K] routes.rb
├── [ 170] config.ru
├── [4.0K] db
│   ├── [4.0K] migrate
│   │   └── [ 147] 20130103004813_create_posts.rb
│   ├── [ 962] schema.rb
│   └── [ 343] seeds.rb
├── [4.0K] doc
│   └── [ 211] README_FOR_APP
├── [ 765] Gemfile
├── [2.4K] Gemfile.lock
├── [4.0K] lib
│   ├── [4.0K] assets
│   └── [4.0K] tasks
├── [4.0K] log
├── [4.0K] public
│   ├── [ 728] 404.html
│   ├── [ 711] 422.html
│   ├── [ 643] 500.html
│   ├── [ 0] favicon.ico
│   └── [ 204] robots.txt
├── [ 285] Rakefile
├── [ 249] README.md
├── [4.0K] script
│   └── [ 295] rails
├── [4.0K] test
│   ├── [4.0K] fixtures
│   │   └── [ 133] posts.yml
│   ├── [4.0K] functional
│   │   └── [ 132] posts_controller_test.rb
│   ├── [4.0K] integration
│   ├── [4.0K] performance
│   │   └── [ 370] browsing_test.rb
│   ├── [ 454] test_helper.rb
│   └── [4.0K] unit
│       ├── [4.0K] helpers
│       │   └── [ 72] posts_helper_test.rb
│       └── [ 118] post_test.rb
└── [4.0K] vendor
    ├── [4.0K] assets
    │   ├── [4.0K] javascripts
    │   └── [4.0K] stylesheets
    └── [4.0K] plugins

36 directories, 47 files