projectzeroindia/CVE-2019-11510 projectzeroindia/CVE-2019-11510

  • Stars
    star
    360
  • Rank 117,262 (Top 3 %)
  • Language
    Shell
  • Created about 5 years ago
  • Updated over 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
projectzeroindia/CVE-2019-11510
github

projectzeroindia

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)

CVE-2019-11510

Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)

You can use a single domain, either a list of domains. You must include https:// in front of the domain.

Usage : cat targetlist.txt | bash CVE-2019-11510.sh / bash CVE-2019-11510.sh -d https://vpn.target.com/

If you want to just verify the exploit and download /etc/passwd then use :

cat targetlist.txt | bash CVE-2019-11510.sh --only-etc-passwd

bash CVE-2019-11510.sh -d https://vpn.target.com/ --only-etc-passwd

Output will be saved inside output/vpn.target.com/

Demo :

CVE-2019-11510.sh demo

Reference/Credits

https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html

https://www.blackhat.com/us-19/briefings/schedule/index.html#infiltrating-corporate-intranet-like-nsa---pre-auth-rce-on-leading-ssl-vpns-15545

https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html

https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf

More Repositories

1

CVE-2019-19781

Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ]
Shell
373
star