Related vulnerabilities
Description
Proof-Of-Concept (POC) for CVE-2024-4956
Introduction
# Servers vulnerable to [CVE-2024-4956](https://support.sonatype.com/hc/en-us/articles/29416509323923-CVE-2024-4956-Nexus-Repository-3-Path-Traversal-2024-05-16)
Nexus Repository Manager 3 Unauthenticated Path Traversal
Servers running on the nexus docker image are excluded
all-servers-from-shodan.txt - list of all Sonatype Nexus servers on Shodan\
all-servers-vulnerable.txt - list of all Sonatype Nexus servers that are vulnerable\
all-servers-running-as-root-vulnerable.txt - list of all vulnerable Sonatype Nexus servers that are being run as root
check-vulnerable-servers.py - checks if /etc/passwd exists from all-servers-from-shodan.txt\
check-root-servers.py - checks if /etc/shadow exists from all-servers-from-shodan.txt\
check-private_keys.py - checks for common private key paths on root from all-servers-running-as-root-vulnerable.txt and tries to ssh as root with found keys
File snapshot
[4.0K] /data/pocs/5dfeaf1e5802a9f7db511560eafd1c9f71d8e0d8
├── [ 58K] all-servers-from-shodan.txt
├── [6.9K] all-servers-running-as-root-vulnerable.txt
├── [ 13K] all-servers-vulnerable.txt
├── [1.7K] check-private_keys.py
├── [ 952] check-root-servers.py
├── [ 879] check-vulnerable-servers.py
└── [ 907] README.md
0 directories, 7 files