POC详情: d2f5da6ab2aedd39315d3aeafa71075286a8f7d9

来源
https://github.com/0x0d3ad/CVE-2024-3400
关联漏洞
标题: Palo Alto Networks PAN-OS 命令注入漏洞 (CVE-2024-3400)
描述:Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一款下一代防火墙软件。 Palo Alto Networks PAN-OS 10.2、11.0、11.1存在命令注入漏洞,该漏洞源于GlobalProtect 功能中存在命令注入漏洞,可能使未经身份验证的攻击者在防火墙上以 root权限执行任意代码。
介绍
### CVE-2024-3400: OS Command Injection Vulnerability

**Description:**
CVE-2024-3400 is a security vulnerability affecting applications or services that accept user input and execute operating system commands based on that input without adequate validation. This vulnerability allows attackers to inject malicious or damaging OS commands through received input, potentially resulting in system exploitation, data manipulation, or even full control over the vulnerable system.

For more information and updates, please refer to the [CVE-2024-3400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3400).

*Note
Please wait for the response results. The response takes quite a long time

![Exploit](images/exploit.png)

![Reverse Shell](images/reverse-shell.png)
文件快照

 [4.0K]  /data/pocs/d2f5da6ab2aedd39315d3aeafa71075286a8f7d9
├── [1.1K]  exploit.py
├── [4.0K]  images
│   ├── [189K]  exploit.png
│   └── [ 39K]  reverse-shell.png
└── [ 769]  README.md

1 directory, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。