Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-2053 PoC — Artica Proxy 安全漏洞

Source
https://github.com/b-L-x/CVE-2024-2053
Associated Vulnerability
Title:Artica Proxy 安全漏洞 (CVE-2024-2053)
Description:Artica Proxy是西班牙Artica公司的一款开源的Artica代理解决方案。 Artica Proxy 4.40版本和4.50版本存在安全漏洞,该漏洞源于存在本地文件包含漏洞。
Description
CVE-2024-2053
Readme
<h1 align="center">LFI to RCE Exploit via Log Poisoning</h1>

<div align="center">
  <strong>Python3 exploit for CVE-2024-2053 (Artica Proxy)</strong>
</div>

<h2>📝 Description</h2>
<p>This Python3 script exploits Local File Inclusion (LFI) vulnerabilities to achieve Remote Code Execution (RCE) through log poisoning techniques. Specifically designed for Artica Proxy (CVE-2024-2053) but adaptable to other LFI scenarios.</p>

<h2>⚡ Features</h2>
<ul>
  <li>Multiple LFI test vectors (<code>/etc/passwd</code>, <code>/proc/self/environ</code>)</li>
  <li>4 different PHP payload variants for evasion</li>
  <li>Automatic webshell deployment</li>
  <li>Proxy support (Burp/OWASP ZAP)</li>
  <li>SSL verification toggle</li>
  <li>Verbose debugging mode</li>
</ul>

<h2>🛠️ Installation</h2>
<pre><code>git clone https://github.com/yourusername/artica-lfi-rce.git
cd artica-lfi-rce
pip3 install -r requirements.txt</code></pre>

<h2>🚀 Usage</h2>
<pre><code>python3 artica.py &lt;target_url&gt; &lt;endpoint&gt; [options]

<b>Basic:</b>
python3 artica.py http://vulnerable.com /images.listener.php

<b>With proxy:</b>
python3 artica.py https://target.com:9000 /vuln.php -p http://127.0.0.1:8080

<b>Verbose mode:</b>
python3 artica.py http://victim.com /endpoint.php -v

<b>Ignore SSL errors:</b>
python3 artica.py https://self-signed.com /path.php --no-verify</code></pre>

<h2>🎯 Technical Details</h2>
<table>
  <tr>
    <th>Component</th>
    <th>Description</th>
  </tr>
  <tr>
    <td>Payloads</td>
    <td>
      <ul>
        <li>File writer (<code>file_put_contents</code>)</li>
        <li>Base64 decoder variant</li>
        <li>Compact function caller</li>
      </ul>
    </td>
  </tr>
  <tr>
    <td>Injection Points</td>
    <td>User-Agent, Referer, Cookies, GET parameters</td>
  </tr>
  <tr>
    <td>Webshell</td>
    <td>Randomized filename (<code>shell_[TIMESTAMP].php</code>)</td>
  </tr>
</table>

<h2>⚠️ Legal Disclaimer</h2>
<p><em>This tool is provided for educational and authorized penetration testing purposes only. The developer assumes no liability and is not responsible for any misuse or damage caused by this program.</em></p>

<h2>📜 License</h2>
<p>MIT License - Copyright (c) 2024</p>
File Snapshot

 [4.0K]  /data/pocs/d380e1c9245cb19907acec28f2116d84a3164e72
├── [5.8K]  CVE-2024-2053.py
├── [1.8K]  CVE-2024-2053.yaml
├── [1.0K]  LICENSE
├── [2.2K]  README.md
└── [ 262]  requirements.txt

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.