CVE-2023-36934 PoC — Progress Software MOVEit Transfer SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-36934.yaml

Associated Vulnerability

Title:Progress Software MOVEit Transfer SQL注入漏洞 (CVE-2023-36934)
Description:Progress Software MOVEit Transfer是美国Progress Software公司的一套自动化的文件传输软件。该软件支持文件传输，并提供文件传输活动监控功能。 Progress Software MOVEit Transfer 存在安全漏洞，该漏洞源于存在SQL注入漏洞。攻击者可利用该漏洞获得对 MOVEit Transfer数据库的未经授权的访问。受影响的产品和版本：MOVEit Transfer 12.1.11、13.0.9、13.1.7、14.0.7、14.1.8、15.

Description

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

File Snapshot


 id: CVE-2023-36934

info:
  name: MOVEit Transfer - SQL Injection
  author: rootxharsh,iamnoooob,pdr

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!