CVE-2024-0305 PoC — Guangzhou Yingke Electronic Technology Ncast 信息泄露漏洞

Source

https://github.com/jidle123/cve-2024-0305exp

Associated Vulnerability

Title:Guangzhou Yingke Electronic Technology Ncast 信息泄露漏洞 (CVE-2024-0305)
Description:Guangzhou Yingke Electronic Technology Ncast是广东盈科电子（Guangzhou Yingke Electronic Technology）公司的 Guangzhou Yingke Electronic Technology Ncast 2017及之前版本存在信息泄露漏洞，该漏洞源于组件Guest Login的文件/manage/IPSetup.php在信息泄露漏洞。

Description

cve-2024-0305可用的exp

Readme

# cve-2024-0305exp
cve-2024-0305可用的exp，如需引用请转明出处，感谢！
## 0x01 产品背景
Ncast盈可视高清智能录播系统是广州盈可视电子科技有限公司的一款产品。该系统存在RCE漏洞，攻击者可以利用此漏洞执行任意命令能够利用该漏洞获取服务器权限，导致服务器沦陷。
## 0x02 漏洞范围
> Ncast 2007
> Ncast 2017
## 0x03 漏洞寻找
> FOFA: app="Ncast-产品"
## 0x04 使用方法
> python cve-2024-0305.py -u {YOUR TARGET} -p {TARGET PORT}
注：不带http://
## 0x05 其他事项
该脚本默认使用RCE命令为whoami，如需进一步使用可自行修改。
![1713410522433](https://github.com/jidle123/cve-2024-0305exp/assets/123531867/f327e2d2-bb75-461b-ae5f-2cd3052f0a34)

File Snapshot


 [4.0K]  /data/pocs/846fb0041aa8b2a289c1cb1523621cd26a133eab
├── [1.3K]  cve-2024-0305.py
└── [ 768]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!