CVE-2022-40624 PoC — pfSense 操作系统命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-40624.yaml

Associated Vulnerability

Title:pfSense 操作系统命令注入漏洞 (CVE-2022-40624)
Description:pfSense是一套基于FreeBSD Linux的网络防火墙。 pfSense pfBlockerNG 2.1.4_27之前版本存在安全漏洞，攻击者利用该漏洞可以通过 HTTP 主机标头以 root 身份执行任意操作系统命令。

Description

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header.

File Snapshot


 id: CVE-2022-40624

info:
  name: pfSense pfBlockerNG - OS Command Injection
  author: ritikchaddha


...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!