## https://sploitus.com/exploit?id=18BC081E-1D12-56D1-9DDC-C1F40C0FA189
# CVE-2023-36845 Vulnerability Detector
![CVE Logo](https://img.shields.io/badge/CVE-2023--36845-red)
## Description
![Banner](images/banner1.PNG)
This Python script serves as both proof of Concept and Vulnerability Detector for CVE-2023-36845. It checks for the presence of the CVE-2023-36845 vulnerability in a target device by sending an HTTP POST request for running phpinfo() on the device. if the operation executes successfully, it indicates that the system may be vulnerable. also, the script has the option to save the phpinfo data of the device in HTML format.
this script was successfully tested on both Juniper EX switches and SRX firewalls series on vulnerable versions.
## Prerequisites
- Python 3.x
- `requests` library (you can install it using `pip install requests`)
### Basic Usage
```bash
python3 poc-juniper-cve-2023-36845.py -u <target_url>
```
### Options
- `-u` or `--url`: Specify the target URL (required).
- `-o` or `--output`: Specify an output file to save the HTML content (optional).
- `-v` or `--verbose`: Enable verbose mode to display HTTP response and HTML body (optional).
## Example
```bash
python3 poc-juniper-cve-2023-36845.py -u "http[s]://target-ip" -o output.html -v
```
## Output
- If the HTTP status code is 200, the script will indicate that the system is vulnerable to CVE-2023-36845.
- If an output file is specified, the HTML content of the response will be saved to that file.
![CVE Logo](images/output.PNG)
## Disclaimer
This script is intended for educational and informational purposes only. It should only be used on systems where you have explicit permission to test for vulnerabilities. Unauthorized use of this script may violate laws and regulations.
## Author
whiteOwl
## resource
https://nvd.nist.gov/vuln/detail/CVE-2023-36845