Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/projectzeroindia/cve-2019-11510
Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
https://github.com/projectzeroindia/cve-2019-11510
Last synced: 2 months ago
JSON representation
Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
- Host: GitHub
- URL: https://github.com/projectzeroindia/cve-2019-11510
- Owner: projectzeroindia
- Created: 2019-08-21T08:40:26.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-01-11T13:55:33.000Z (about 5 years ago)
- Last Synced: 2024-08-01T09:24:37.119Z (6 months ago)
- Language: Shell
- Size: 68.4 KB
- Stars: 360
- Watchers: 14
- Forks: 137
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-network-stuff - **255**星 - 2019-11510) (<a id="d62a971d37c69db9f3b9187318c3921a"></a>工具 / <a id="8ea8f890cf767c3801b5e7951fca3570"></a>公网访问局域网)
README
# CVE-2019-11510
Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
You can use a single domain, either a list of domains. You must include https:// in front of the domain.
Usage : cat targetlist.txt | bash CVE-2019-11510.sh / bash CVE-2019-11510.sh -d https://vpn.target.com/
If you want to just verify the exploit and download /etc/passwd then use :
cat targetlist.txt | bash CVE-2019-11510.sh --only-etc-passwd
bash CVE-2019-11510.sh -d https://vpn.target.com/ --only-etc-passwd
Output will be saved inside output/vpn.target.com/
Demo :
Reference/Credits
---
https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
https://www.blackhat.com/us-19/briefings/schedule/index.html#infiltrating-corporate-intranet-like-nsa---pre-auth-rce-on-leading-ssl-vpns-15545
https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf