Related vulnerability
Title:
NginxProxyManager security vulnerability
(CVE-2024-46256)
Description: Nginx Proxy Manager is a Docker container, maintained by an individual developer, for managing Nginx proxy hosts through a simple, powerful interface. Nginx Proxy Manager version 2.11.3 contains a security vulnerability caused by a command injection flaw, which allows an attacker to achieve remote code execution through the Add Let's Encrypt Certificate feature.
Introduction
# CVE-2024-46256 & CVE-2024-46257 – PoC Simulation
## Overview
This repository contains a step-by-step, image-backed Proof of Concept (PoC) simulating two vulnerabilities in Nginx Proxy Manager that enable OS Command Injection, leading to Remote Code Execution (RCE) after authentication.
- Affected product: Nginx Proxy Manager
- Affected version: v2.11.3
- Impact: Authenticated RCE (observed with root privileges in PoC)
## Contents
- `POC.md`: Detailed write-up of the analysis and exploitation steps, including payloads and observations.
- `static/`: Screenshots referenced by `POC.md` in the order they appear.
## How to Use
1. Open `POC.md` to follow the simulation narrative.
2. Each section references images from `static/` to illustrate setup, code review, exploitation, and results.
## Notes and Disclaimer
- The PoC is for educational and defensive security research only.
- Do not use against systems you do not own or have explicit permission to test.
- Always update to patched versions and apply least-privilege principles.
## References
- Nginx Proxy Manager repository: https://github.com/NginxProxyManager/nginx-proxy-manager
- CVE-2024-46256
- CVE-2024-46257
File snapshot
[4.0K] /data/pocs/5d0abda2d4f8a27cd3230bf0662e794c06258a51
├── [5.8K] POC.md
├── [1.2K] README.md
└── [4.0K] static
    ├── [116K] 10.png
    ├── [163K] 1.png
    ├── [ 87K] 2.png
    ├── [ 49K] 3.png
    ├── [230K] 4.png
    ├── [267K] 5.png
    ├── [202K] 6.png
    ├── [104K] 7.png
    ├── [173K] 8.png
    └── [292K] 9.png

1 directory, 12 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source has become unavailable or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.