https://github.com/systemvll/cve-2022-31814

Proof of concept for CVE-2022-31814
https://github.com/systemvll/cve-2022-31814

Last synced: 11 months ago
JSON representation

Proof of concept for CVE-2022-31814

• Host: GitHub
• URL: https://github.com/systemvll/cve-2022-31814
• Owner: SystemVll
• Created: 2025-01-16T13:59:45.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-01-16T14:01:16.000Z (over 1 year ago)
• Last Synced: 2025-06-02T18:39:44.757Z (about 1 year ago)
• Language: Python
• Size: 5.86 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
[Download](https://raw.githubusercontent.com/Inplex-sys/CVE-2022-31814/refs/heads/main/pfsense.py)

# CVE-2022-31814

This script exploits a vulnerability in pfSense to upload a shell, execute a command, and then delete the shell.

## Requirements

- Python 3.x

- `requests` library

## Installation

1. Clone the repository or download the script.

2. Install the required Python libraries:

    ```sh

    pip install requests

    ```

## Usage

```sh

python pfsense.py -f  -c 

```

- `-f`, `--file`: Path to a file containing a list of URLs (one per line).

- `-c`, `--command`: Command to execute on the target.

## Example

```sh

python pfsense.py -f targets.txt -c "id"

```

## Script Details

The script performs the following steps:

1. **Check Endpoint**: Verifies if `pfBlockerNG` is installed on the target.

2. **Upload Shell**: Uploads a PHP shell to the target.

3. **Interactive Shell**: Executes the provided command on the target.

4. **Delete Shell**: Deletes the uploaded shell from the target.

## Disclaimer

This script is intended for educational purposes only. Use it at your own risk. The author is not responsible for any misuse or damage caused by this script.