CVE-2023-34362 PoC — MoveIT SQL注入漏洞

Source

https://github.com/kenbuckler/MOVEit-CVE-2023-34362

Associated Vulnerability

Title:MoveIT SQL注入漏洞 (CVE-2023-34362)
Description:MoveIT是MoveIT公司的一款针对机械臂移动操作的最先进的软件。 MoveIT 存在安全漏洞，该漏洞源于存在SQL注入漏洞。攻击者可利用该漏洞访问数据库并执行更改或删除操作。受影响的产品和版本： Progress MOVEit Transfer 2021.0.6 (13.0.6)之前版本，2021.1.4 (13.1.4)版本, 2022.0.4 (14.0.4)版本, 2022.1.5 (14.1.5)版本, 2023.0.1 (15.0.1)版本。

Description

Repository with everything I have tracking the impact of MOVEit CVE-2023-34362

Readme

# MOVEit-CVE-2023-34362
Repository with everything I have tracking the impact of MOVEit CVE-2023-34362

Includes possibly affected organizations and domains utilizing SFTP header and cookie discovery methods.

I've also built a news ticker which tracks new stories about MOVEit, available at https://firehose.kenbuckler.com/moveit

File Snapshot


 [4.0K]  /data/pocs/74b202bafb40d72aa4d9343d58fea5e1478328ad
├── [2.1K]  CVE-2023-34362-description.txt
├── [ 870]  !Discovery Methods.txt
├── [ 14K]  Possible affected domains - cookie discovery.txt
├── [1.5K]  Possible affected domains - sftp discovery.txt
├── [ 17K]  Possible affected domain subjects - cookie discovery.txt
├── [ 19K]  Possible affected HTTP Titles.txt
├── [1.6K]  Possible affected orgs and domains - Google Dork Discovery
├── [ 23K]  Possible affected orgs - cookie discovery.txt
├── [4.5K]  Possible affected orgs - sftp discovery.txt
└── [ 331]  README.md

0 directories, 10 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!