
CVE-2024-29895 PoC - Cacti Security Vulnerability

Source
Associated Vulnerability
Title: Cacti Security Vulnerability (CVE-2024-29895)
Description: Cacti is an open-source network traffic monitoring and analysis tool from the Cacti team. It collects data via snmpget, draws graphs with RRDtool for analysis, and provides data and user management features. Cacti contains a command injection vulnerability that allows any unauthenticated user to execute arbitrary commands on the server.
Description
CVE-2024-29895 PoC - Exploiting remote command execution in Cacti servers using the 1.3.X DEV branch builds
Readme
## Cacti RCE - CVE-2024-29895

![image](https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC/assets/60468836/04ffb7ff-cf58-47be-90d7-d0422e4cb100)

## Usage:

`python3 cve-2024-29895.py -u https://target.com/ -c id`

Affecting Cacti 1.3.X DEV builds where `cmd_realtime.php` is present and PHP's `register_argc_argv` option is on (the precondition stated in the upstream advisory), so that the query string of a web request is exposed to the script as `$_SERVER['argv']`.

Command injection is possible via this endpoint by sending a GET request with the payload in the URL query parameters.

## Dork:
Google: `inurl:cmd_realtime.php`

Shodan: `Cacti`

Hunter.how: `/product.name="Cacti"`

FOFA: `app="Cacti-Monitoring"`

## Version Checking

![image](https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC/assets/60468836/992fb9e6-426a-452c-b168-aa6e10303bc9)
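Two checks a defender will want after reading the "version" and "GET query parameter" notes above, as an added example that is not part of the original PoC or of Cacti itself: a version parser that decides whether a host is on the 1.3.X DEV branch the advisory scopes this CVE to, and a log scanner that flags GET requests to `cmd_realtime.php` whose query string carries shell metacharacters. The login-page markup and the access-log lines are constructed for the example (the query strings do not reproduce the PoC's payload), and the Combined Log Format pattern is an assumption about your web server's log layout.

```python
import re
from urllib.parse import unquote

# Combined Log Format as written by Apache and Nginx by default. Assumption:
# your access log uses this layout; adjust the pattern otherwise.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

# Characters that let one argv token spill into a second shell command.
SHELL_META_RE = re.compile(r'[;|`\n]|&&|\$\(|\$\{')

# Cacti prints "Version x.y.z" on its login page; the surrounding markup in
# SAMPLE_LOGIN_HTML below is an assumption made for this example.
VERSION_RE = re.compile(r'Version\s+(\d+)\.(\d+)\.(\d+)')


def parse_cacti_version(html: str):
    """Return the (major, minor, patch) tuple found in a Cacti page, or None."""
    m = VERSION_RE.search(html)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected_branch(version):
    """The advisory scopes this CVE to 1.3.X DEV builds; 1.2.x is out of scope."""
    return version is not None and version[:2] == (1, 3)


def find_cmd_realtime_injections(lines):
    """Flag GET requests to cmd_realtime.php whose query string looks like a
    shell injection. With register_argc_argv on, PHP splits the raw query
    string on '+' to build $_SERVER['argv']; the 'argv' field mirrors that."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        script, _, query = m.group('path').partition('?')
        if m.group('method') != 'GET' or not script.endswith('/cmd_realtime.php'):
            continue
        # Check the raw query and a percent-decoded copy so an encoded ';'
        # (%3B) is caught as well as a literal one.
        if SHELL_META_RE.search(query) or SHELL_META_RE.search(unquote(query)):
            hits.append({
                'ip': m.group('ip'),
                'ts': m.group('ts'),
                'status': int(m.group('status')),
                'argv': [unquote(t) for t in query.split('+')],
            })
    return hits


# Constructed sample data for this example: not real traffic, and not the
# PoC's payload. Only lines 2 and 3 of the log should be flagged.
SAMPLE_LOGIN_HTML = '<div class="versionInfo">Version 1.3.0</div>'
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /cacti/index.php HTTP/1.1" 200 4321
203.0.113.5 - - [10/May/2024:12:00:02 +0000] "GET /cacti/cmd_realtime.php?1+2+3;id HTTP/1.1" 200 152
203.0.113.9 - - [10/May/2024:12:00:03 +0000] "GET /cacti/cmd_realtime.php?1+2+3%3Bcurl%20evil.example HTTP/1.1" 200 98
198.51.100.7 - - [10/May/2024:12:00:04 +0000] "GET /cacti/cmd_realtime.php?1+2+3 HTTP/1.1" 200 77
198.51.100.7 - - [10/May/2024:12:00:05 +0000] "GET /cacti/graph_view.php?action=tree&x=1 HTTP/1.1" 200 9000
"""

if __name__ == '__main__':
    v = parse_cacti_version(SAMPLE_LOGIN_HTML)
    print('version', v, 'affected branch:', is_affected_branch(v))
    for h in find_cmd_realtime_injections(SAMPLE_LOG.splitlines()):
        print(h['ts'], h['ip'], h['status'], h['argv'])
```

The metacharacter filter deliberately ignores a lone `&`, which is the normal query-string separator, and keys on `&&`, `;`, `|`, backticks and `$(`/`${` instead. If, on your deployment, no legitimate client ever requests this script over HTTP at all, drop the metacharacter condition and alert on every hit to `cmd_realtime.php`.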

## Disclaimer

Please exercise caution when using this PoC. It has been developed strictly as a tool to automate validation of the vulnerability.
Any misuse is your own responsibility.


File Snapshot

[4.0K] /data/pocs/724f28913ee8b8af75ead70733f8f106457a3398
├── [4.8K] CVE-2024-29895.py
└── [ 911] README.md

0 directories, 2 files