"Space: the final frontier." Well... I'm not sure if it's even a half (of the journey) with Junos - but - let's find some "Space" to inject additional (JS/HTML) code. Get some "Space" and here we go...
You know...
*:
KEZpcnN0IG9mIGFsbD8gTmFhaC4gVGhpcyBpcyBteSAybmQgKHllcCwgJ3JoZXRvcmljYWwnOyogKSAicXVlc3Rpb24iOiBpZiB0aGlzIGlzIDIwMjIsIHdoeSB5b3VyICRjb2RlJCEgaXMgYGRhdGVkYCBmb3IgMjAxMD8gT19PIApBYWFhbnlob3cuLi4gIm5vdCBteSBtb25leSIsIHJpZ2h0PyBTbywgeWVhaCwgd2VsbC4uLiA7XSk=
:*
First question: multiple CVE(s) with "so secret input" that cannot be described?
Hm. I mean? How can a "researcher" avoid duplicates with responsible disclosure($)? ;)
So, let's move forward (TL;DR: postauth bugs below):
#01 - MIBs anyone?
#02 - Triggered one - FYI:
#03 - little alert() for the end of the week ;)
...ok, what time is IT?
RTFM-Time! Correct (I mean: I believe JunosDevTeam is aware of those bugs)! [1, 2, 3, 4] ;)
So if your (admin-or-not) Junos Space user is able to log in or use CLI (ex. via SSH) - maybe you'd like to check the next screen:
This time we'll stop here.
I will include the bugs described in this post (or any future PoCs) in the next 'version' of the EnTer tool.
In case you'd like to learn more about pentesting 'popular network appliances' - ask here or ping me directly.
At "this stage" (read as: in the Space-code I found bash/perl/jsp/java/ELK/andSo/On... from 200x-2014 drafts) for Junos Space 21.x R2 - currently described as 'latest' - this post for sure will be continued. Stay tuned. ;]
(Commercial ideas...? ;))