Proof of concept for CVE-2022-31814[Download](https://raw.githubusercontent.com/Inplex-sys/CVE-2022-31814/refs/heads/main/pfsense.py)
# CVE-2022-31814
This script exploits a vulnerability in pfSense to upload a shell, execute a command, and then delete the shell.
## Requirements
- Python 3.x
- `requests` library
## Installation
1. Clone the repository or download the script.
2. Install the required Python libraries:
```sh
pip install requests
```
## Usage
```sh
python pfsense.py -f <file_with_urls> -c <command_to_execute>
```
- `-f`, `--file`: Path to a file containing a list of URLs (one per line).
- `-c`, `--command`: Command to execute on the target.
## Example
```sh
python pfsense.py -f targets.txt -c "id"
```
## Script Details
The script performs the following steps:
1. **Check Endpoint**: Verifies if `pfBlockerNG` is installed on the target.
2. **Upload Shell**: Uploads a PHP shell to the target.
3. **Interactive Shell**: Executes the provided command on the target.
4. **Delete Shell**: Deletes the uploaded shell from the target.
## Disclaimer
This script is intended for educational purposes only. Use it at your own risk. The author is not responsible for any misuse or damage caused by this script.
[4.0K] /data/pocs/a4823dd6cf913285bd0e41c5a9457ad7f12eb308
├── [2.8K] pfsense.py
└── [1.2K] README.md
0 directories, 2 files