支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: a730c7dc28a486681dd3b8521e5a9a5cf6a9941d

来源
https://github.com/th3gokul/CVE-2024-5009
关联漏洞
标题:Progress Software WhatsUp Gold 安全漏洞 (CVE-2024-5009)
Description:Progress Software WhatsUp Gold是美国Progress Software公司的一款网络监控软件。用于监控整个网络基础设施以及应用程序、配置和网络流量。 Progress Software WhatsUp Gold 2023.1.3版本存在安全漏洞,该漏洞源于 Wug.UI.Controllers.InstallController.SetAdminPassword 中存在不当访问控制,允许本地攻击者修改管理员的密码。
Description
CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation
介绍
# CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation
CVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-5009 with Asychronous Performance.

<h1 align="center">
  <img src="https://github.com/th3gokul/CVE-2024-5009/assets/89386101/ea624ea0-d705-492c-ba70-9de092e9a340" width="2000px">
  <br>
</h1>

### Installation

```bash
git clone https://github.com/th3gokul/CVE-2024-5009.git
cd CVE-2024-5009
pip install -r requirements.txt
python3 cvehunter.py --help
```

### 🚀 Usage

```bash
python3 cvehunter.py -h

  ____ __     __ _____  _   _                _               
 / ___|\ \   / /| ____|| | | | _   _  _ __  | |_   ___  _ __ 
| |     \ \ / / |  _|  | |_| || | | || '_ \ | __| / _ \| '__|
| |___   \ V /  | |___ |  _  || |_| || | | || |_ |  __/| |   
 \____|   \_/   |_____||_| |_| \__,_||_| |_| \__| \___||_| 
     CVE-2024-5009                      @th3gokul

[Description]: Vulnerability Detection and Exploitation
tool for CVE-2024-5009

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or domain
                        for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs
                        for vulnerability detection
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for
                        list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request
                        via your proxy
  -v, --verbose         [INF]: Increases verbosity of
                        output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output
                        of vulnerable target]
```
### About
The 🔨tool is Developed by [th3Gokul](https://www.linkedin.com/in/gokul-v-13455521a/) to detect and exploit the CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation
### Disclaimer
The ⚒️tool is only for education and ethical purpose only and Developers are not responsible for any illegal exploitations.
### Reference 
[https://tantosec.com/blog/docassemble/
](https://summoning.team/blog/progress-whatsup-gold-privesc-setadminpassword-cve-2024-5009/)
文件快照

 [4.0K]  /data/pocs/a730c7dc28a486681dd3b8521e5a9a5cf6a9941d
├── [6.4K]  cvehunter.py
├── [2.2K]  README.md
└── [  91]  requirements.txt

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。