CVE-2022-40140 PoC — Trend Micro Apex One 访问控制错误漏洞

Source

https://github.com/ZephrFish/NotProxyShellScanner

Associated Vulnerability

Title:Trend Micro Apex One 访问控制错误漏洞 (CVE-2022-40140)
Description:An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Description

Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082

Readme

# NotProxyShellScanner
Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082.

## Setup 
Install the requirements all that's required is python3 requests.

```
pip3 install -r requirements.txt
```

## Running
There are a few options when it comes to running the tooling:
```
usage: NotProxyShell.py [-h] [-u TARGETHOST] [-f TARGETHOSTFILE] [-e EMAIL] [-d TARGETDOMAIN]

optional arguments:
  -h, --help            show this help message and exit
  -u TARGETHOST, --targethost TARGETHOST
                        Single Target host e.g zsec.uk
  -f TARGETHOSTFILE, --targethostfile TARGETHOSTFILE
                        File with targets, one per line
  -e EMAIL, --email EMAIL
                        Known email of org
  -d TARGETDOMAIN, --targetdomain TARGETDOMAIN
                        Known domain of the target org
```

File Snapshot


 [4.0K]  /data/pocs/a9c7bb331ede2f7c298fb0acfe221d01621714df
├── [3.2K]  NotProxyShell.py
├── [ 847]  README.md
└── [  17]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!