Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-48990 PoC — needrestart 安全漏洞

Source
https://github.com/ally-petitt/CVE-2024-48990-Exploit
Associated Vulnerability
Title:needrestart 安全漏洞 (CVE-2024-48990)
Description:needrestart是liske个人开发者的一款用于检查升级后需要重新启动哪些守护进程的工具。 needrestart 3.8之前版本存在安全漏洞,该漏洞源于允许本地攻击者通过诱骗needrestart使用攻击者控制的PYTHONPATH环境变量运行Python解释器,并以root身份执行任意代码。
Description
My exploit for CVE-2024-48990. Full details of how I made this are on my blog.
Readme
# CVE-2024-48990 Exploit


My full writeup for how I came to re-discovering this N-day and creating my own exploit for it can be found on [my blog](https://ally-petitt.com/en/posts/2024-12-25_Rediscovering-CVE-2024-48990-and-Crafting-My-Own-Exploit.md).

Essentially, you can `git clone` this repository into an attacker-controlled directory, `export PYTHONPATH=<attacker_directory>`, and then run `main.py` with that `PYTHONPATH` value set. Then, set up a netcat listener on 127.0.0.1:1337 and wait for a cron job or system administrator to run a `sudo apt install` on the system to see a root shell in your listener.
File Snapshot

 [4.0K]  /data/pocs/7c1f4940b64ab96accefcf39dfaa51531fee5c3c
├── [4.0K]  importlib
│   └── [ 124]  __init__.py
├── [1.0K]  LICENSE
├── [  19]  main.py
└── [ 619]  README.md

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.