PoC details: b73f0a2c4a8866a4cdb79c4f99988a87ace64e1c

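Source
Related vulnerability
Title: NextGen Mirth Connect security vulnerability (CVE-2023-43208)
Description: NextGen Mirth Connect is a healthcare integration engine from the US company NextGen. Versions of NextGen Mirth Connect prior to 4.4.1 contain a security vulnerability that stems from the product being susceptible to unauthenticated remote code execution attacks.
Introduction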
# RCE vulnerability in Mirth Connect (CVE-2023-37679 and CVE-2023-43208)

This exploit script and PoC are written for an in-depth CVE analysis on [vsociety](https://www.vicarius.io/vsociety/).

CVE-2023-43208 is a serious vulnerability in NextGen Mirth Connect, an integration engine used by hospitals and clinics to share patient data. It lets an attacker execute code on the server remotely without authenticating. Because Mirth Connect is widely used in healthcare, fixing this bug quickly is crucial to protect patient information.

The bug came to light after an earlier problem, CVE-2023-37679, was supposed to have been fixed. That fix was incomplete, which led to the discovery of CVE-2023-43208. The new issue affects all versions of Mirth Connect up to 4.4.0; updating to version 4.4.1 is required to be safe.

## Usage

```bash
# Detection script
python3 detection.py https://localhost:8443

# Unix (default)
python3 CVE-2023-37679.py -u https://localhost:8443 -c 'touch /tmp/proof'

# Windows
python3 CVE-2023-37679.py -u https://localhost:8443 -c 'calc' -p win
```

## Disclaimer
This exploit script has been created solely for research and the development of effective defensive techniques. It is not intended to be used for any malicious or unauthorized activities. The script's author and owner disclaim any responsibility or liability for any misuse or damage caused by this software. Users are urged to use this software responsibly and only in accordance with applicable laws and regulations.
File snapshot

```
[4.0K] /data/pocs/b73f0a2c4a8866a4cdb79c4f99988a87ace64e1c
├── [2.3K] CVE-2023-37679.py
├── [3.8K] CVE-2023-43208.py
├── [1.7K] detection.py
└── [1.5K] README.md

0 directories, 4 files
```