Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-47533 PoC — Cobbler 授权问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-47533.yaml
Associated Vulnerability
Title:Cobbler 授权问题漏洞 (CVE-2024-47533)
Description:Cobbler是Cobbler开源的一款网络安装服务器套件,它主要用于快速建立Linux网络安装环境。 Cobbler 3.0.0到3.2.3和3.3.7之前版本存在授权问题漏洞,该漏洞源于身份验证不当,导致任何能够通过网络访问服务器的人都可以完全控制该服务器。
Description
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.
File Snapshot

 id: CVE-2024-47533

info:
  name: Cobbler 'XML-RPC' - Authentication Bypass
  author: songyaeji
  se

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.