Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-4688 PoC — Electric Sheep Fencing pfSense 安全漏洞

Source
https://github.com/fenix0499/CVE-2014-4688-NodeJs-Exploit
Associated Vulnerability
Title:Electric Sheep Fencing pfSense 安全漏洞 (CVE-2014-4688)
Description:Electric Sheep Fencing pfsense是美国Electric Sheep Fencing公司的一套免费开源的基于FreeBSD的防火墙和路由器软件。 Electric Sheep Fencing pfSense 2.1.3及之前的版本中存在安全漏洞,该漏洞源于diag_dns.php脚本没有正确验证hostname值,diag_smart.php脚本没有正确验证smartmonemail值,status_rrd_graph_img.php脚本没有正确验证database值。远程攻击者
Description
Authenticated Remote Command Execution – pfSense <= 2.1.3
Readme
# CVE-2014-4688

```
sudo node --no-warnings exploit.js
```
File Snapshot

 [4.0K]  /data/pocs/a24244303b53fedca59072ce4c4bd4ee001fe0e2
├── [4.7K]  exploit.js
└── [  60]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.