CVE-2023-36845
CRITICAL KEV NUCLEI
Juniper Junos OS Multiple Versions - Unauthenticated Remote Code Execution via PHPRC
Exploitation Summary
CVE-2023-36845 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 13, 2023.
EIP tracks 23 public exploits from researchers including vulncheck-oss, kljunowsky, and Asbawy, among them a Metasploit module, exploits/freebsd/http/junos_phprc_auto_prepend_file.
A Nuclei detection template is also available.
Description
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series:
* All versions prior to 20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.
Exploits (23)
This repository contains a scanner for CVE-2023-36845, a vulnerability in Juniper firewalls. It verifies targets by checking for specific Juniper web interface titles and favicon, then attempts exploitation by sending an LD_PRELOAD environment variable to trigger an error response from vulnerable systems.
The repository contains a Python script and README detailing CVE-2023-36845, a PHP environment variable manipulation vulnerability in Juniper SRX firewalls and EX switches. The PoC demonstrates remote code execution via PHP configuration manipulation and file upload techniques.
This repository contains a bash script that automates the detection of CVE-2023-36845 by sending crafted HTTP requests to a list of IP addresses and checking for the presence of '/etc/passwd' content in the response. It does not exploit the vulnerability but scans for its presence.
This is a bash script designed to scan for CVE-2023-36845, a vulnerability in Juniper devices. It checks for the presence of the vulnerability by sending a crafted request to the target URL and analyzing the response for indicators of vulnerability, such as the presence of 'root:' in the output.
This PoC automates the exploitation of CVE-2023-36845 by sending crafted HTTP requests to modify the PHPRC variable in J-Web, leading to potential code injection. It reads targets from a file and uses concurrent requests for efficiency.
This repository contains a bash script that scans for CVE-2023-36845, a pre-authentication RCE vulnerability in Juniper J-Web. The script checks for vulnerability by attempting to read /etc/passwd via a crafted HTTP request.
The repository contains functional exploit code for CVE-2023-36845, including a Nuclei template and a Python script for Citrix Gateway information disclosure. The PoC demonstrates the vulnerability by leaking sensitive information.
This repository contains a bash script that automates the discovery of Juniper Web Device Manager instances vulnerable to CVE-2023-36845 using Shodan, httpx, and nuclei. It does not include an exploit payload but rather a workflow to identify potential targets.
This repository contains a bash script to check for CVE-2023-36845 vulnerability in Juniper devices by attempting to read /etc/passwd via PHP auto_prepend_file manipulation. It automates the process of scanning multiple IPs for vulnerability detection.
This repository contains a one-liner bash script to mass-check for CVE-2023-36845, a vulnerability in PHP's CGI argument injection. It attempts to read /etc/passwd by manipulating the PHPRC environment variable and auto_prepend_file directive.
This repository contains a scanner for CVE-2023-36845, a vulnerability in Juniper Web Device Manager. The scanner checks for vulnerable hosts by sending a crafted POST request to the target and verifying the response for the presence of '/etc/passwd' content.
This is a functional exploit for CVE-2023-36845, targeting Juniper JunOS J-Web PHP external variable modification. It provides an interactive console to execute commands like 'ls' and 'cat' via PHP code injection, leveraging the vulnerability to achieve remote code execution (RCE).
This script exploits CVE-2023-36845 to leak /etc/passwd by abusing PHP's auto_prepend_file directive via a crafted request to about.php. It reads target URLs from a file and checks for vulnerability by fetching the passwd file.
This PoC exploits CVE-2023-36845 in Juniper Networks Junos OS by manipulating the PHPRC environment variable to inject arbitrary PHP code via file upload, leading to potential remote code execution (RCE). The script automates the attack against multiple targets listed in a hosts.txt file using concurrent requests.
This repository contains a bash script that exploits CVE-2023-36845 and CVE-2023-36846 in Juniper Junos OS J-Web. The script sends a crafted curl request to trigger remote code execution by manipulating the PHPRC environment variable.
This repository contains a Python script and documentation for exploiting CVE-2023-36845, a PHP environment variable manipulation vulnerability in Juniper SRX firewalls and EX switches. The exploit leverages the `auto_prepend_file` parameter to achieve remote code execution (RCE) via PHP configuration manipulation.
This is a bash script designed to scan for CVE-2023-36845 by sending a crafted request to a list of IP addresses and checking if the response contains sensitive data (e.g., /etc/passwd). It automates vulnerability detection but does not exploit it for RCE.
This repository contains an Ansible playbook designed to scan for potential instances of CVE-2023-36845. It is described as simple and untested, focusing on discovery rather than exploitation.
This repository contains a functional exploit for CVE-2023-36844 (and related CVEs) targeting Juniper JunOS SRX/EX series. The exploit chains multiple vulnerabilities to achieve remote code execution by uploading a malicious PHP file and an INI file, then executing arbitrary PHP code.
This repository contains a functional exploit PoC for chaining CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847 to achieve remote code execution on Juniper JunOS SRX and EX Series products. The exploit leverages a pre-authentication file upload vulnerability to upload a malicious PHP file and a PHP configuration file, then executes the payload by manipulating the PHPRC environment variable.
The repository contains only GitHub issue templates, workflows, and documentation files (e.g., CODE_OF_CONDUCT.md, CONTRIBUTING.md) without any actual exploit code or technical details related to CVE-2023-36845.
This Metasploit module exploits CVE-2023-36845 in Juniper Junos OS by manipulating PHP environment variables (auto_prepend_file and allow_url_include) to achieve remote code execution. It includes a jailbreak technique to escalate privileges by stealing tokens from authenticated J-Web users and overwriting the root password hash.
Nuclei Templates (1)
title:"Juniper Web Device Manager" || http.title:"juniper web device manager"
title="juniper web device manager"
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H