CVE-2022-24716 PoC — Icinga Web 2 路径遍历漏洞

Source

https://github.com/pumpkinpiteam/CVE-2022-24716

Associated Vulnerability

Title:Icinga Web 2 路径遍历漏洞 (CVE-2022-24716)
Description:Icinga Web 2是一个应用软件。Icinga Web 2是Icinga Project开发的下一代开源监控 Web 界面、框架和命令行界面，支持 Icinga 2、Icinga Core 和任何其他兼容 IDO 数据库的监控后端。 Icinga Web 2 存在路径遍历漏洞，该漏洞源于未经认证的Icinga Web 2 用户可以泄露web-server用户可以访问的本地系统文件的内容，包括带有数据库凭据的“icingaweb2”配置文件。

Readme

# CVE-2022-24716

Exploit for the vulnerability: Arbitrary File Disclosure Vulnerability in Icinga Web 2 <2.8.6, <2.9.6, <2.10

https://www.sonarsource.com/blog/path-traversal-vulnerabilities-in-icinga-web/

Help:

`python3 exploit.py -h`

Usage example:

`python3 -u http://127.0.0.1:8080 -f /etc/passwd`

DISCLAIMER: This script is made to audit the security of systems. Only use this script on your own systems or on systems you have written permission to exploit.

File Snapshot


 [4.0K]  /data/pocs/5cc7c3f484873ead2b8eec71616a3cb020d881d6
├── [ 456]  exploit.py
└── [ 468]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!