CVE-2023-49031 PoC — Tikit Security Vulnerability

Source
Associated Vulnerability
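Title: Tikit Security Vulnerability (CVE-2023-49031)
Description: Tikit is an IT service management platform from the company Tikit. Tikit version 6.8.3.0 contains a security vulnerability caused by path traversal, which allows a remote attacker to read arbitrary files and obtain sensitive information.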
Description
LFI Tikit eMarketing v6.8.3.0 (CVE-2023-49031)
Readme
# LFI Tikit eMarketing (CVE-2023-49031)
## Discovery
In November 2023, a novel local file inclusion vulnerability was identified in the “eMarketing” platform developed by Tikit (now Advanced) during a client engagement.
This issue was resolved with Advanced in February 2024.

## Affected Versions 
This vulnerability has only been tested, and found to be present, on version 6.8.3.0.
![screenshot](/version.png)

## Attack Vector
The "filename" parameter used by the "OpenLogFile" endpoint is not sanitized. An unauthenticated threat actor may leverage this vulnerability to read arbitrary files from the local file system.
![screenshot](/Attack_vector.png)
## POC
As a Proof-of-Concept (PoC), database credentials were collected from the "web.config" file found on a vulnerable machine.
![screenshot](/POC.png)
## Vulnerability Check
An example HTTP GET payload (path + parameters) to read the hosts file on a vulnerable Windows system can be found below:
* /DATA/Log/OpenLogFile?filename=C%3A%5CWindows%5CSystem32%5Cdrivers%5Cetc%5Chosts
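
To review web server logs for requests of this shape, the following sketch flags calls to the "OpenLogFile" endpoint whose decoded "filename" value is anything other than a bare file name. It is an added example, not code from the original README or from the vendor. The six-field log layout, the sample lines, and the premise that legitimate requests pass only a bare log file name are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample in a simplified IIS W3C layout (assumed field order:
# date time method uri-stem uri-query status). Not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2024-01-10 09:12:01 GET /DATA/Log/OpenLogFile filename=import_20240110.log 200
2024-01-10 09:14:37 GET /DATA/Log/OpenLogFile filename=C%3A%5CWindows%5CSystem32%5Cdrivers%5Cetc%5Chosts 200
2024-01-10 09:15:02 GET /data/log/openlogfile FileName=..%5Cweb.config 404
2024-01-10 09:16:11 GET /Home/Index - 200
"""

ENDPOINT = "/data/log/openlogfile"      # compared case-insensitively
PATH_CHARS = re.compile(r"[\\/:]")      # separators or a drive-letter colon


def suspicious_filename(value):
    """True when the decoded value is not a bare file name (assumed legitimate form)."""
    return bool(PATH_CHARS.search(value)) or value in (".", "..")


def flag_requests(log_text):
    """Return one record per OpenLogFile request carrying a path-like filename."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue  # header/comment line or malformed record
        date, time, _method, stem, query, status = fields[:6]
        if stem.lower() != ENDPOINT:
            continue
        # parse_qs percent-decodes once; parameter names are matched case-insensitively.
        params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
        for value in params.get("filename", []):
            if suspicious_filename(value):
                hits.append({"when": f"{date} {time}", "filename": value,
                             "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        # A 200 status on a flagged request should be triaged first.
        print(hit["when"], hit["status"], hit["filename"])
```
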
## Remediation
Update to the latest version of eMarketing.
File Snapshot

[4.0K] /data/pocs/575c1638d9727e37121691a3c23a8c1342fea01c
├── [ 82K] Attack_vector.png
├── [169K] POC.png
├── [1.1K] README.md
└── [ 35K] version.png

0 directories, 4 files