CVE-2022-31814 PoC — pfSense 操作系统命令注入漏洞

Source

Associated Vulnerability

Description

Proof of concept for CVE-2022-31814

Readme

[Download](https://raw.githubusercontent.com/Inplex-sys/CVE-2022-31814/refs/heads/main/pfsense.py)

# CVE-2022-31814

This script exploits a vulnerability in pfSense to upload a shell, execute a command, and then delete the shell.

## Requirements

- Python 3.x
- `requests` library

## Installation

1. Clone the repository or download the script.
2. Install the required Python libraries:
    ```sh
    pip install requests
    ```

## Usage

```sh
python pfsense.py -f <file_with_urls> -c <command_to_execute>
```

- `-f`, `--file`: Path to a file containing a list of URLs (one per line).
- `-c`, `--command`: Command to execute on the target.

## Example

```sh
python pfsense.py -f targets.txt -c "id"
```

## Script Details

The script performs the following steps:

1. **Check Endpoint**: Verifies if `pfBlockerNG` is installed on the target.
2. **Upload Shell**: Uploads a PHP shell to the target.
3. **Interactive Shell**: Executes the provided command on the target.
4. **Delete Shell**: Deletes the uploaded shell from the target.

## Disclaimer

This script is intended for educational purposes only. Use it at your own risk. The author is not responsible for any misuse or damage caused by this script.

File Snapshot

 [4.0K]  /data/pocs/906bcaea57d7ac02961e584cbc6bd6436412f28e
├── [2.8K]  pfsense.py
└── [1.2K]  README.md

0 directories, 2 files

Remarks