CVE-2024-31819 PoC — WWBN AVideo 安全漏洞

Source

Associated Vulnerability

Description

Unauthenticated Remote Code Execution (RCE) Vulnerability in WWBNIndex Plugin of AVideo Platform from 12.4 to 14.2

Readme

# AVideo CVE-2024-31819 🎥🔒💥

This Python script is an exploit for a critical unauthenticated Remote Code Execution (RCE) vulnerability found in the `WWBNIndex` plugin of the `AVideo` platform.

## ⚠️ Vulnerability Summary

The vulnerability lies in the `submitIndex.php` file of the `WWBNIndex` plugin for the `AVideo` platform. This file improperly handles user-supplied input through the `$_POST['systemRootPath']` parameter. The application uses this parameter in a `require_once` statement without sanitizing or validating the input, leading to the inclusion and execution of arbitrary PHP code.

## 📁 Affected Component

The affected component is the `submitIndex.php` file within the `WWBNIndex` plugin of the `AVideo` platform.

## 💥 Impact

This vulnerability allows unauthenticated attackers to execute arbitrary code on the server hosting the `AVideo` platform. Successful exploitation could lead to complete compromise of the server, unauthorized data access, and potential further attacks within the network infrastructure. This constitutes a severe security risk.

## 🎯 Attack Vector

The vulnerability can be exploited by sending a specially crafted POST request to the `submitIndex.php` file. This request includes a maliciously crafted `systemRootPath` parameter, exploiting the application's failure to sanitize user-supplied input properly.

## 🛠️ Mitigation

Immediate action should be taken to patch this vulnerability. The application developers should sanitize and validate all user-supplied inputs rigorously. Users of the `AVideo` platform should update the `WWBNIndex` plugin as soon as a security patch is released. Disabling the affected plugin until an update is available is also advisable to mitigate risk.

## 🔍 Affected Versions

Based on our assessments, versions 12.4 to 14.2 of the AVideo platform are vulnerable to this exploit. It is strongly recommended for administrators of the AVideo platform to review and upgrade their installations if they fall within these versions to ensure the security of their systems.

## 📜 Proof of Concept

1. An attacker generates a malicious PHP filter chain designed to execute arbitrary PHP code (e.g., using `php_filter_chain_generator.py` for `<?php system('id'); ?>`).
2. The attacker then crafts a POST request that includes this PHP filter chain in the `systemRootPath` parameter, targeting the vulnerable `submitIndex.php` endpoint.

## Usage

The script can be used as follows:

```bash
python3 AVideoExploit.py -u TARGET_URL
```

or for multiple targets:

```bash
python3 AVideoExploit.py -f URLS_FILE -t THREADS -o OUTPUT_FILE
```

Where:

- `TARGET_URL` is the base URL of the target AVideo platform.
- `URLS_FILE` is a file containing a list of target URLs.
- `THREADS` is the number of concurrent threads to use for scanning multiple targets.
- `OUTPUT_FILE` is the file to which output should be written.

## Note

This script is for educational purposes only. Do not use it for illegal activities. The author is not responsible for any misuse of this tool.

File Snapshot

 [4.0K]  /data/pocs/389139b256f86001b7cdaa60be6b389ba830e0a5
├── [4.0K]  documentation
│   └── [4.0K]  modules
│       └── [4.0K]  exploit
│           └── [4.0K]  multi
│               └── [4.0K]  http
│                   └── [6.3K]  avideo_wwbnindex_unauth_rce.md
├── [8.8K]  exploit.py
├── [4.0K]  modules
│   └── [4.0K]  exploits
│       └── [4.0K]  multi
│           └── [4.0K]  http
│               └── [4.0K]  avideo_wwbnindex_unauth_rce.rb
├── [7.4K]  php_filter_chain.py
├── [3.0K]  README.md
└── [  91]  requirements.txt

9 directories, 6 files

Remarks