Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-46169 PoC — Cacti 命令注入漏洞

Source
https://github.com/Habib0x0/CVE-2022-46169
Associated Vulnerability
Title:Cacti 命令注入漏洞 (CVE-2022-46169)
Description:Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据,使用RRDtool绘画图形进行分析,并提供数据和用户管理功能。 Cacti v1.2.22版本存在命令注入漏洞,该漏洞源于未经身份验证的命令注入,允许未经身份验证的用户在运行Cacti的服务器上执行任意代码。
Description
Cacti: Unauthenticated Remote Code Execution Exploit in Ruby
Readme
# Cacti | Auth Bypass | RCE | CVE-2022-46169
Cacti: Unauthenticated Remote Code Execution Exploit in Ruby 

![Screenshot 2023-01-16 at 10 52 09 AM](https://user-images.githubusercontent.com/24976957/212615643-e0759d3b-0872-4058-adac-fdfb3c9cf90a.png)


# Cacti Docker 
This is a dockerized application that is vulnerable to the Cacti RCE vulnerability (CVE-2022-46169).
Follow the link to get Cacti running 
```
https://github.com/vulhub/vulhub/tree/master/cacti/CVE-2022-46169
```

# Usage

```
   _____           _   _   __   ___   __ ______    ___  ___    _____   _____ ______ 
  / ____|         | | (_) /_ | |__ \ /_ |____  |  |__ \|__ \  |  __ \ / ____|  ____|
 | |     __ _  ___| |_ _   | |    ) | | |   / /_____ ) |  ) | | |__) | |    | |__   
 | |    / _` |/ __| __| |  | |   / /  | |  / /______/ /  / /  |  _  /| |    |  __|  
 | |____ (_| | (__| |_| |  | |_ / /_ _| | / /      / /_ / /_  | | \ \| |____| |____ 
  \_____\__,_|\___|\__|_|  |_(_)____(_)_|/_/      |____|____| |_|  \_\\_____|______|
                                                                                    
                                                                                    
 By @Habib0x

Usage: CVE-2022-46169.rb [options]
    -u, --url URL                    Victim URL
    -f, --forwarded FORWARDED        X-Forwarded value to bypass the auth
    -i, --ip IP                      IP for reverse shell
    -p, --port PORT                  Port for reverse shell

```



https://user-images.githubusercontent.com/24976957/212615669-0dd754de-a57e-4a0d-b37e-dac49a4439b3.mp4
File Snapshot

 [4.0K]  /data/pocs/d8cb7297b6949b275e3a9dad035a82b9799ba6fe
├── [3.6K]  CVE-2022-46169.rb
└── [1.5K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.