CVE-2024-6049 PoC — Lawo AG vsm LTC Time Sync 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-6049.yaml

Associated Vulnerability

Title:Lawo AG vsm LTC Time Sync 安全漏洞 (CVE-2024-6049)
Description:Lawo vsm LTC Time Sync（Lawo vTimeSync）是Lawo公司的一款应用程序。 Lawo AG vsm LTC Time Sync 4.5.6.0之前版本存在安全漏洞，该漏洞源于存在路径遍历漏洞，未经身份验证的远程攻击者可以通过发送特制的HTTP请求从操作系统下载任意文件。

Description

The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only possible if the requested file has some file extension, e. g. .exe or .txt.

File Snapshot


 id: CVE-2024-6049

info:
  name: Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
  author: s4

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!