CVE-2024-41628 PoC — Severalnines Cluster Control 安全漏洞

Source

https://github.com/Redshift-CyberSecurity/CVE-2024-41628

Associated Vulnerability

Title:Severalnines Cluster Control 安全漏洞 (CVE-2024-41628)
Description:Severalnines Cluster Control是Severalnines公司的一款用于数据库集群的无代理管理和自动化软件。 Severalnines Cluster Control 1.9.8-9778之前的1.9.8版本、2.0.0-9779之前的2.0.0版本和2.1.0-9780之前的2.1.0版本存在安全漏洞，该漏洞源于存在目录遍历漏洞，远程攻击者可以通过CMON API在HTTP请求中包含和显示文件内容。

Readme

# CVE-2024-41628

Simple exploit script developed by Redshift Cyber Security to exploit (CVE-2024-41628) ClusterControl LFI vulnerability.

The vulnerability affects the CMON API and specifically the RPC and RPC-TLS user interfaces which by default reside on port 9500 and 9501 respectively.

Due to ClusterControl also typically running as root, any system file can be retrieved.

Examples of files to retrieve:
- /etc/shadow
- /etc/passwd
- /root/.ssh/id_rsa
- /etc/cmon.cnf - (Contains ClusterControl RPC Key) 

Affected versions of ClusterControl are 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780.

## Usage: 
```python
python3 CVE-2024-41628.py ip port file
```
## Help: 
```python
python3 CVE-2024-41628.py -h
```
## Example: 
```python
python3 CVE-2024-41628.py 127.0.0.1 9500 /etc/shadow
```

File Snapshot


 [4.0K]  /data/pocs/7dc8528d1956b14b9826d449c1fb46312b9176f5
├── [1.9K]  CVE-2024-41628.py
└── [ 832]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!