关联漏洞
标题:Ivanti Connect Secure 命令注入漏洞 (CVE-2024-21887)Description:Ivanti Connect Secure是美国Ivanti公司的安全远程网络连接工具。 Ivanti Connect Secure 9.x、22.x系列版本、 Ivanti Policy Secure 9.x、22.x系列版本存在命令注入漏洞,该漏洞源于Web 组件中存在命令注入,允许经过身份验证的管理员发送特制请求并在设备上执行任意命令。
Description
exploit for ivanti
介绍
# 🚨 CVE-2024-21887 Exploit Tool 🛠️
A robust tool for detecting and exploiting the CVE-2024-21887 vulnerability in Ivanti Connect and Policy Secure systems.
## 📝 Description
CVE-2024-21887 is a critical command injection vulnerability, allowing authenticated admins to execute arbitrary commands. This tool aids in identifying and interacting with affected systems.
## 🚀 Features
- **Single URL Scan**: Pinpoint focus on a single target.
- **Bulk Scanning**: Analyze multiple URLs from a file.
- **Thread Control**: Customize concurrent scanning with thread options.
- **Output Logging**: Save identified vulnerable URLs to a file.
## 📚 How to Use
1. Install dependencies: `pip install -r requirements.txt`
2. Run the tool:
- Single URL: `python exploit.py -u <URL>`
- Bulk scan: `python exploit.py -f <file-path>`
- With threads: `python exploit.py -f <file-path> -t <number-of-threads>`
- Save output: `python exploit.py -f <file-path> -o <output-file-path>`
⚠️ **Disclaimer**: This tool is provided for educational and ethical testing purposes only. I am not responsible for any misuse or damage caused by this tool. Always obtain explicit permission before testing systems that you do not own or have explicit authorization to test.
文件快照
[4.0K] /data/pocs/d9a47fd327f875aa7e0dd1aae36167842f133cbb
├── [ 15K] exploit.py
├── [1.2K] README.md
└── [ 122] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →