Pulse Secure SSL VPN PreAuth Remote Code Execution with Compromising All the Connected VPN Clients
HTML-код
- Опубликовано: 13 сен 2024
- It chained the CVE-2019-11510 and CVE-2019-11539 to a preAuth RCE! We also demonstrate how to leverage the logon script feature to compromise back all the connected VPN clients!
More details can be found from the slides "Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs" by Orange Tsai & Meh Chang - Наука
how did you curl just the admin DSID excluding other users?
11/10 pwnage
perfect !!!
so awesome! =O
So a infected file wouldn’t be noticed by any av after being executed?
Does it script available?
Nice try FBI
can you share the script ?
See script here ruclips.net/video/VcXTeG4rECI/видео.html
@@JoeSmith-fm5ew can you reshare? it's offline