CVE-2024-54761 PoC — BigAntSoft BigAnt office messenger 安全漏洞

Source

https://github.com/nscan9/CVE-2024-54761-BigAnt-Office-Messenger-5.6.06-RCE-via-SQL-Injection

Associated Vulnerability

Title:BigAntSoft BigAnt office messenger 安全漏洞 (CVE-2024-54761)
Description:BigAntSoft BigAnt office messenger是澳大利亚BigAntSoft公司的一个针对企业环境的服务器/客户端即时消息程序。 BigAntSoft BigAnt office messenger 5.6.06版本存在安全漏洞。攻击者利用该漏洞可以通过“dev_code”参数进行 SQL 注入攻击。

Readme

# CVE-2024-54761 BigAnt Office Messenger 5.6.06 RCE via SQL Injection
The SQL injection vulnerability in BigAnt Messenger causes the RCE vulnerability
# Exploit
We extract the database version used in the 'dev_code' parameter exposed to SQL injection
![SQLI version](https://github.com/user-attachments/assets/109a800c-af76-4a0b-9b42-0f03d0a9acbe)
Thanks to the wrong configuration in SQL, we can upload webshell to the target using SQL stack queries.
![crate webshell 1](https://github.com/user-attachments/assets/258f0ae0-8c8e-4b09-b454-fcd4339d877c)
Proof of command injection:
![whoami](https://github.com/user-attachments/assets/94c2bf8e-6ba3-4329-aeaa-44215f88fed0)
![command dir](https://github.com/user-attachments/assets/07320b55-01c7-4e34-8d26-4b3a0d62d817)
# Timeline
31-10-2024: Submitted vulnerabilities to vendor via email

31-10-2024: Emailed vendor, no response

15-11-2024: Emailed vendor, no response

15-11-2024: Requested CVEs
# Reference
https://www.bigantsoft.com

File Snapshot


 [4.0K]  /data/pocs/b6d91f5232179bb9ddb0d8cb5d3fdd50fc2a551e
└── [ 986]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!