关联漏洞
描述
Exploit for CVE-2024-4956 affecting all previous Sonatype Nexus Repository 3.x OSS/Pro versions up to and including 3.68.0
介绍
# CVE-2024-4956-Sonatype-Nexus-Repository-Manager
**Sonatype Nexus Repository Manager** provides a central platform for storing build artifacts
**CVE-2024-4956** is a path traversal vulnerability in Sonatype Nexus Repository manager that allows an attacker to craft a URL to return any file as a download, including system files outside of Nexus Repository application scope, without any authentication.
**Affected Versions**: All previous Sonatype Nexus Repository 3.x OSS/Pro versions up to and including 3.68.0
**Python3 exploit Usage**: python3 exploitPython.py -u -p -f
**Python3 exploit Usage example**: python3 exploitPython.py -u http://127.0.0.1 -p 8081 -f /etc/passwd
**Bash exploit Usage**: ./exploitBash.sh -u targetUrl -p targetPort -f targetFile
**Bash exploit Usage example**: ./exploitBash.sh -u https://127.0.0.1 -p 8081 -f /etc/passwd
**Disclaimer**: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited.
**References**:
https://support.sonatype.com/hc/en-us/articles/29416509323923-CVE-2024-4956-Nexus-Repository-3-Path-Traversal-2024-05-16
https://nvd.nist.gov/vuln/detail/CVE-2024-4956
https://exp10it.io/2024/05/%E9%80%9A%E8%BF%87-java-fuzzing-%E6%8C%96%E6%8E%98-nexus-repository-3-%E7%9B%AE%E5%BD%95%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E-cve-2024-4956/
文件快照
[4.0K] /data/pocs/b3fa67a31ef6139c59d756f6fe1c669b30079167
├── [1.7K] exploitBash.sh
├── [1.5K] exploitPython.py
└── [1.3K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。