CVE-2024-2054 PoC — Artica Proxy 代码问题漏洞

Source

https://github.com/Madan301/CVE-2024-2054

Associated Vulnerability

Title:Artica Proxy 代码问题漏洞 (CVE-2024-2054)
Description:Artica Proxy是西班牙Artica公司的一款开源的Artica代理解决方案。 Artica Proxy 4.50版本存在代码问题漏洞，该漏洞源于存在未经身份验证的PHP反序列化漏洞。

Readme

# CVE-2024-2054 Artica-Proxy administrative web application insecure deserialization (RCE)

An exploit proof of concept for ARTICA PROXY Administrative web application CVE-2024-2054

# Blog Post
More details here: https://blog.sonicwall.com/en-us/2024/03/unpatched-php-deserialization-vulnerability-in-artica-proxy/

# Usage

```
$ python3 CVE-2024-2054.py
Enter url: https://8X.XX.XX.X4:9000
Vulnerable
enter command: ls

assets
index.html
wiz.upload.php
wiz.wizard.php
wiz.wizard.progress.php

```
# Disclaimer

This POC has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project creator/maintainers are not responsible or liable for misuse of the software/POC. Use responsibly.

File Snapshot


 [4.0K]  /data/pocs/785c60148ac11f67bd6468d7e54747da81941a1e
├── [2.0K]  CVE-2024-2054.py
└── [ 836]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!