# CVE-2024-25641 Exploit for Cacti 1.2.26
Exploiting CVE-2024-25641 on Cacti 1.2.26. When a user is authenticated, an arbitrary file write vulnerability allows Remote Code Execution (RCE).
---
## Overview
This script automates the process of exploiting **CVE-2024-25641** in **Cacti 1.2.26**. The vulnerability allows authenticated users with the `Import Templates` permission to achieve **Remote Code Execution (RCE)** via the `Package Import` feature.
📌 **Original Advisory:** [GitHub Security Advisory](https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88)
---
## Features
- ✅ **Fully Automated Exploitation**: Simplifies the attack process.
- ⚡ **Flexible Targeting**: Easily configure target URL, credentials, and payload.
- 📦 **Dependency Management**: Ensures a smooth installation via `requirements.txt`.
## Prerequisites
Ensure you have the following installed:
- 🐍 **Python 3.x**
- 📜 Required Python modules (install via `requirements.txt`)
## Installation
Clone the repository:
```sh
git clone https://github.com/regantemudo/CVE-2024-25641-Exploit-for-Cacti-1.2.26.git
cd CVE-2024-25641-Exploit-for-Cacti-1.2.26
```
Install dependencies:
```sh
pip install -r requirements.txt
```
## Usage
### 🚀 Prepare Your PHP Payload
By default, the script uses `./php/reverse_shell.php` as the payload. Modify the IP address and port inside the PHP script accordingly.
### 🔥 Run the Exploit
```sh
python3 cacti_exploit.py <URL> <username> <password> [-p <payload_path>]
```
#### Arguments:
- 🌍 `URL`: The target Cacti URL.
- 👤 `username`: Login username.
- 🔑 `password`: Login password.
- 🛠️ `-p/--payload`: (Optional) Path to a custom PHP payload (default: `./php/reverse_shell.php`).
### ⚡ Execute the Payload
Once the script successfully uploads the PHP payload, execute it via the browser or directly through the script.
## Project Structure
```
CVE-2024-25641-Exploit-for-Cacti-1.2.26/
├── php/
│   └── reverse_shell.php
├── README.md
├── cacti_exploit.py
└── requirements.txt
```
## ⚠️ Disclaimer
This tool is strictly for **educational and authorized penetration testing**. Unauthorized use is illegal and may lead to severe consequences. The authors hold no responsibility for any misuse or damage caused by this software.