Skip to content

Instantly share code, notes, and snippets.

@hxlxmjxbbxs
Created September 19, 2023 20:58
Show Gist options
  • Save hxlxmjxbbxs/72512ac1cea863b3e0cabc107e58c5fe to your computer and use it in GitHub Desktop.
Save hxlxmjxbbxs/72512ac1cea863b3e0cabc107e58c5fe to your computer and use it in GitHub Desktop.
Vulnerability Scanner for Juniper CVE-2023-36845
id: CVE-2023-36845
info:
name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability
author: hxlxmj
severity: medium
description: |
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-36845
- https://vulncheck.com/blog/juniper-cve-2023-36845
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36845
requests:
- method: GET
path:
- "{{BaseURL}}/"
matchers-condition: and
matchers:
- type: word
words:
- "Juniper Networks VPN Client Application</title>"
- "Juniper Networks Web Management</title>"
- "Juniper Networks Web Authentication</title>"
- "Juniper Web Device Manager</title>"
- "slipstream-content-title"
part: body
- type: status
status:
- 200
- method: GET
path:
- "{{BaseURL}}/images/favicon.ico"
matchers-condition: and
matchers:
- type: status
status:
- 200
- method: GET
path:
- "{{BaseURL}}/?LD_PRELOAD=/tmp/ld"
matchers-condition: and
matchers:
- type: word
words:
- 'Cannot open "/tmp/ld"'
part: body
- type: status
status:
- 200
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment