CVE-2023-38035 PoC — Mobileiron MobileIron Sentry 安全漏洞

Source

Associated Vulnerability

Title:Mobileiron MobileIron Sentry 安全漏洞 (CVE-2023-38035)
Description:MobileIron Sentry是美国思可信（MobileIron）公司的一款智能网关产品。 MobileIron Sentry 9.18.0及之前版本存在安全漏洞，该漏洞源于Apache HTTPD 配置限制不足，允许攻击者绕过管理界面上的身份验证控制。

Description

CVE-2023-38035 Recon oriented exploit, extract company name contact information

Readme

# MobileIron Sentry CVE-2023-38035 information extraction

## Features

- Extract company name and contact email
- Proof of vulnerability

## Usage

```sh
./sentryexploit 192.168.0.10:8443
2023/08/24 21:29:55 Information extracted, appliance is vulnerable:
2023/08/24 21:29:55 Company: XXXX Ltd., contact: xxx@example.com
```

## Sources

- [Horizon3 deep dive](https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/)

File Snapshot


 [4.0K]  /data/pocs/b7bfd2da3866b4a6b3594a6613601b3a2aac0616
├── [ 294]  go.mod
├── [ 67K]  go.sum
├── [1.2K]  main.go
└── [ 449]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!