CVE-2024-9474

This Go-based exploit targets CVE-2024-9474 in Palo Alto PAN-OS, leveraging an authentication bypass and command injection via a PHP endpoint to achieve remote code execution (RCE). It supports both single-target and batch scanning modes.

This PoC exploits CVE-2024-9474 in PAN-OS by leveraging command injection via the 'user' field in a POST request to create a remote session, then retrieves the command output via a crafted PHP file. The exploit is limited to 19-character commands due to field constraints.

This repository contains a functional exploit for CVE-2024-0012 (authentication bypass) and CVE-2024-9474 (command execution and privilege escalation) in Palo Alto PAN-OS. The exploit automates the process of bypassing authentication, uploading a reverse shell payload in chunks, and executing it on the target system.

This repository contains a functional GUI-based exploit for CVE-2024-0012 and CVE-2024-9474, targeting Palo Alto PAN-OS. The exploit chains an authentication bypass with a command injection vulnerability to achieve remote code execution (RCE) via crafted session creation and file write operations.

This repository contains a functional exploit tool for CVE-2024-9474, targeting PAN-OS devices. It includes capabilities for credential dumping, command execution, and reverse shell establishment via command injection and authentication bypass.

This PoC exploits CVE-2024-9474 in PAN-OS by injecting a command into the 'user' parameter to create a PHP file containing command output, then retrieving it via unauthenticated access. It demonstrates remote code execution (RCE) by writing the result of 'id' to a web-accessible file.

This repository contains a Go-based Proof of Concept (PoC) exploit for CVE-2024-9474, targeting Palo Alto PAN-OS. It includes both scanning and interactive exploitation modes, allowing for authentication bypass and arbitrary command execution on vulnerable systems.

This repository contains a functional exploit for CVE-2024-0012, an authentication bypass vulnerability in Palo Alto Networks PAN-OS. The PoC leverages command injection via a crafted session creation request to achieve remote code execution (RCE) by writing a PHP file to the web root.

This repository contains a Python-based exploit for CVE-2024-9474, targeting Palo Alto PAN-OS. The exploit includes both a scanner mode to detect vulnerable instances and an interactive shell mode to execute commands on the target system via an authentication bypass vulnerability.

This Metasploit module exploits an authentication bypass (CVE-2024-0012) and command injection (CVE-2024-9474) in Palo Alto Networks PAN-OS management interface to achieve unauthenticated remote code execution as root. It writes payloads in chunks to bypass command length limitations and executes them via shell.