支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: 074652d3312de6e3aa03386d276b955eccc87e66

来源
https://github.com/GainSec/CVE-2017-16744-and-CVE-2017-16748-Tridium-Niagara
关联漏洞
标题:Tridium Niagara AX Framework和Niagara 4 Framework 路径遍历漏洞 (CVE-2017-16744)
Description:Tridium Niagara AX Framework和Niagara 4 Framework都是美国Tridium公司的物联网业务应用程序框架。 基于Windows平台的Tridium Niagara AX Framework 3.8及之前版本和Niagara 4 Framework 4.4及之前版本中存在路径遍历漏洞,该漏洞源于程序没有充分的过滤用户提交的输入。远程攻击者可借助有效的平台管理员凭证利用该漏洞获取敏感信息。
Description
 Proof of Concept (PoC) for  CVE: 2017-16744 and 2017-16748
介绍
# PoC for CVE-2017-16744 and CVE-2017-16748

* Proof of Concept (PoC)
* CVE: 2017-16744 and 2017-16748
* Date: 09/09/2019
* Exploit Author: GainSec - Jon Gaines
* Vendor Homepage: https://www.tridium.com/
* Version: Affects Tridium Niagara AX Versions: 3.8 and prior as well as Niagara 4 Versions: 4.4 and prior
* Discovered, Reported and PoC'd by Jon Gaines of GainSec & nVisium; Formerly of Stratum Security and Leet Cyber Security

## More Information

 * https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03
 * https://nvd.nist.gov/vuln/detail/CVE-2017-16744
 * https://nvd.nist.gov/vuln/detail/CVE-2017-16748
 * https://vuldb.com/?id.123046

## Prerequisites

Python 3

## Authors

* **Jon Gaines** - *Initial work* - [GainSec](https://gainsec.com)

## License

This project is licensed under the GNU License - see the [LICENSE.md](LICENSE.md) file for details

## Acknowledgments

* https://blog.stratumsecurity.com/2018/09/06/cve-2017-16744-and-cve-2017-16748/
文件快照

 [4.0K]  /data/pocs/074652d3312de6e3aa03386d276b955eccc87e66
├── [ 34K]  LICENSE
├── [ 970]  README.md
├── [1.5K]  Tridium-PoC-Final-2.py
└── [ 478]  Tridium-PoC-Final.sh

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。