
CVE-2023-42326 PoC: pfSense Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
Title: pfSense Cross-Site Scripting Vulnerability (CVE-2023-42326)
Description: An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
Description
CVE-2023-42326 exploit
Readme

# pfSense <= 2.7.0 Command Injection Exploit (CVE-2023-42326)

This Python script is a Proof-of-Concept (PoC) exploit for the command injection vulnerability (CVE-2023-42326) in pfSense CE <= 2.7.0 and pfSense Plus <= 23.05.1. The vulnerability allows authenticated attackers to inject and execute arbitrary commands via the `interfaces_gif_edit.php` and `interfaces_gre_edit.php` components.

## Features
- Exploit mode selection (`gif` or `gre`) to choose the vulnerable components.
- Command injection capability to run arbitrary shell commands.
- Netcat reverse shell handling with automatic thread management.
- Debug mode for enhanced visibility of request data.

## Prerequisites
Before running the script, make sure you have:
- Python 3.x installed on your system.
- Run `pip install -r requirements.txt` to make sure the dependencies are satisfied.
- Add a `.env` file with the required variables (explained below) to the project directory.

## Usage

### Basic Example (Command Injection)

This command executes the exploit and runs the command that you specified in the .env file:

```bash
python3 exploit.py
```

#### .env variables

- `username` --> Username for pfSense admin login
- `password` --> Password for pfSense admin login
- `target` --> Target pfSense IP (e.g., http://10.101.1.1)
- `mode` --> Exploit mode: gif or gre
- `command` --> Command to inject
- `debug` --> Enable debug mode to print response data (True or False)
- `insecure` --> Allow insecure server connections when using SSL (True or False)

### Example Output
When the exploit runs successfully, you should see output similar to this:

```bash
[2024-10-24 03:57:59] [SUCCESS] Target http://10.101.1.1 is reachable
[2024-10-24 03:57:59] [INFO] Fetching CSRF token from: http://10.101.1.1/
[2024-10-24 03:57:59] [SUCCESS] CSRF token extracted successfully
[2024-10-24 03:57:59] [INFO] Sending GIF exploit request to http://10.101.1.1/interfaces_gif_edit.php
[2024-10-24 03:57:59] [SUCCESS] GIF Exploit sent successfully
```

### Notes

- **Privilege Requirement**: You must have valid user credentials for the pfSense instance.
- **Target System**: This exploit is specific to pfSense CE <= 2.7.0 and pfSense Plus <= 23.05.1.
- **Reverse Shell**: Ensure your firewall settings allow incoming connections on the specified port when setting up a reverse shell.
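On the defending side, the requests this PoC sends leave a recognizable trace in the webConfigurator access log: an authenticated session followed by a POST to one of the two affected endpoints. The following is an added detection example, not part of this repository; it assumes a combined-format access log (the sample lines are constructed) and flags every POST to `interfaces_gif_edit.php` or `interfaces_gre_edit.php`, grouped by source IP.

```python
import re
from collections import Counter

# Endpoints named in the CVE-2023-42326 description. A POST to either one is
# the request the PoC sends after it has logged in and fetched a CSRF token.
AFFECTED_ENDPOINTS = ("/interfaces_gif_edit.php", "/interfaces_gre_edit.php")

# Assumption: the access log uses the common "combined" format
# (ip ident user [ts] "METHOD path proto" status bytes "referer" "ua").
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def find_suspicious(lines):
    """Return one record per POST to an affected endpoint (query string ignored)."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path in AFFECTED_ENDPOINTS:
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "path": path, "status": rec["status"]})
    return hits

def summarize(hits):
    """Count flagged POSTs per source IP, to spot a single host hammering both endpoints."""
    return Counter(h["ip"] for h in hits)

# Constructed sample log lines (not real traffic); the third and fifth should be flagged.
SAMPLE_LOG = """\
10.101.1.50 - - [24/Oct/2024:03:57:59 +0000] "GET / HTTP/1.1" 200 1234 "-" "python-requests/2.32.3"
10.101.1.50 - - [24/Oct/2024:03:57:59 +0000] "POST /index.php HTTP/1.1" 302 0 "-" "python-requests/2.32.3"
10.101.1.50 - - [24/Oct/2024:03:57:59 +0000] "POST /interfaces_gif_edit.php HTTP/1.1" 302 0 "-" "python-requests/2.32.3"
10.101.1.7 - - [24/Oct/2024:04:10:02 +0000] "GET /interfaces_gif_edit.php?id=0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.101.1.50 - - [24/Oct/2024:04:12:41 +0000] "POST /interfaces_gre_edit.php?id=1 HTTP/1.1" 302 0 "-" "python-requests/2.32.3"
"""

if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"[ALERT] {h['ts']} {h['ip']} POST {h['path']} -> {h['status']}")
    print(summarize(hits))
```

A normal administrator editing a GIF or GRE interface also POSTs to these pages, so treat a hit as a lead to correlate with the admin's expected activity and with the fixed versions listed under Target System, not as proof of compromise on its own.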

### Debug Mode

If you want to see more details about the requests being sent, you can enable debug mode by adding `-d` to your command. This will print out response data and help you troubleshoot any issues.

### Troubleshooting
- Ensure the target system is reachable.
- Double-check the credentials being used for login.
- Use the `-d` flag for more detailed logging if needed.

### License

This project is licensed under the MIT License.