CVE-2024-29895 PoC — Cacti 安全漏洞

Source

https://github.com/Rubioo02/CVE-2024-29895

Associated Vulnerability

Title:Cacti 安全漏洞 (CVE-2024-29895)
Description:Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据，使用RRDtool绘画图形进行分析，并提供数据和用户管理功能。 Cacti存在安全漏洞，该漏洞源于存在命令注入漏洞，允许任何未经身份验证的用户在服务器上执行任意命令。

Description

CVE-2024-29895 | RCE on CACTI 1.3.X dev

Readme

# CVE-2024-29895 - RCE ON CACTI

> [!WARNING]  
> This is an educational project, I am not responsible for any use

## Usage:

`python3 poc.py -c whoami [-u https://localhost] [-f urls.txt]`

## CVE-2024-29895
CVE-2024-29895, Is a command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server

## How does it work?
On cacti versions `1.3.X dev` where `cmd_realtime.php` is present and `register_argc_argv` option is `ON` the command injection is possible thanks to manipulation of the `poller_id` parameter of an input in a `get` request

## Dork:
Google: `inurl:cmd_realtime.php`

Shodan: `Cacti`

File Snapshot


 [4.0K]  /data/pocs/d788ca20f1e22acbb20dafc4a1fe500c7fbc32cd
├── [3.3K]  poc.py
└── [ 667]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!