CVE-2023-37265 PoC — CasaOS Access Control Error Vulnerability

Source
Associated Vulnerability
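Title: CasaOS Access Control Error Vulnerability (CVE-2023-37265)
Description: CasaOS is a simple, easy-to-use, elegant open-source home cloud system. Versions of CasaOS before 0.4.4 contain an access control error vulnerability that stems from a lack of IP address verification. An attacker can exploit this vulnerability to execute arbitrary commands as root.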
Description
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict untrusted users' access to CasaOS, for instance by not exposing it publicly.
File Snapshot

    id: CVE-2023-37265
    info:
      name: CasaOS < 0.4.4 - Authentication Bypass via Internal IP
      author: ...