CVE-2024-55457 PoC — MasterSAM Star Gate 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-55457.yaml

Associated Vulnerability

Title:MasterSAM Star Gate 安全漏洞 (CVE-2024-55457)
Description:MasterSAM Star Gate是MasterSAM公司的一个应用程序。旨在管理、保护和监控整个企业 IT 环境中的特权凭证和访问。 MasterSAM Star Gate 11版本存在安全漏洞，该漏洞源于/adama/adama/downloadService未对文件路径进行限制。攻击者利用该漏洞可以通过操纵file参数访问服务器任意文件。

Description

MasterSAM Star Gate v11 is vulnerable to a directory traversal attack via the endpoint /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially leading to the exposure of sensitive information.

File Snapshot


 id: CVE-2024-55457

info:
  name: MasterSAM Star Gate v11 - Local File Inclusion
  author: Dhiyanesh

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!