POC详情: 6283f959205ef22400ac791a609f389dcca55e7b

来源
https://github.com/r0otk3r/CVE-2024-1212
关联漏洞
标题: Kemp LoadMaster 安全漏洞 (CVE-2024-1212)
描述:Kemp LoadMaster是Kemp公司的一款高度安全的应用程序。 Kemp LoadMaster 7.2.48.1版本存在安全漏洞,该漏洞源于允许未经身份验证的远程攻击者通过LoadMaster管理接口访问系统,从而执行任意系统命令。
介绍
# CVE-2024-1212 - Progress Kemp LoadMaster Unauthenticated Command Injection

This is an exploit script for **CVE-2024-1212**, an **unauthenticated command injection vulnerability** in **Progress Kemp LoadMaster**.

---

## Vulnerability Summary

**CVE-2024-1212** affects **Progress Kemp LoadMaster**, allowing **unauthenticated attackers** to execute arbitrary commands on the system via a crafted HTTP request to the `/access/set` endpoint.

## Features

- Unauthenticated Remote Command Execution (RCE)
- Randomized `User-Agent` headers to avoid basic detection
- Proxy support for Burp/ZAP interception (`-p`)
- Output logging to file (`-o`)

## Usage

```bash
python3 cve_2024_1212_exploit.py -u <TARGET_URL> -c <COMMAND>
```

## Options
| Argument          | Description                                                        |
| ----------------- | ------------------------------------------------------------------ |
| `-u`, `--url`     | Target base URL (e.g., `http://192.168.1.1`) **\[REQUIRED]**       |
| `-c`, `--command` | Command to execute (default: `id`)                                 |
| `-p`, `--proxy`   | Proxy URL (e.g., `http://127.0.0.1:8080`) for intercepting traffic |
| `-o`, `--output`  | Save the output to a file (e.g., `result.txt`)                     |
---

### Example
```bash
python3 cve_2024_1212_exploit.py -u http://192.168.100.1 -c "uname -a" -p http://127.0.0.1:8080 -o output.txt
```
---

<img width="1351" height="257" alt="1" src="https://github.com/user-attachments/assets/a5a1dee8-f532-4b23-8be6-85f33ec3356f" />

---

### Request/Response

<img width="1365" height="403" alt="2" src="https://github.com/user-attachments/assets/9bdb5d5c-f0c3-49ab-ac3f-c7aba60204e2" />

## ⚠️ DISCLAIMER
 
This script is provided for **educational and authorized security testing** purposes only.

---

## Official Channels

- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)
文件快照

 [4.0K]  /data/pocs/6283f959205ef22400ac791a609f389dcca55e7b
├── [2.9K]  cve_2024_1212_exploit.py
└── [1.9K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。