CVE-2022-46169 PoC — Cacti 命令注入漏洞

Source

https://github.com/sAsPeCt488/CVE-2022-46169

Associated Vulnerability

Title:Cacti 命令注入漏洞 (CVE-2022-46169)
Description:Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据，使用RRDtool绘画图形进行分析，并提供数据和用户管理功能。 Cacti v1.2.22版本存在命令注入漏洞，该漏洞源于未经身份验证的命令注入，允许未经身份验证的用户在运行Cacti的服务器上执行任意代码。

Description

PoC for CVE-2022-46169 - Unauthenticated RCE on Cacti <= 1.2.22

Readme

# CVE-2022-46169

This repository contains a Proof of Concept (PoC) for CVE-2022-46169 - Unauthenticated RCE on Cacti <= 1.2.22 by chaining an Authentication Bypass and a Command Injection, described by Sonar [in this blog post](https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/). The same vulnerabilities were also discovered by: Steven Seeley (mr_me) of Source Incite.

## Usage:

```
positional arguments:
  target                URL of the Cacti application.

optional arguments:
  -f FILE               File containing the command
  -c CMD                Command
  --n_host_ids          The range of host_ids to try (0 - n)
  --n_local_data_ids    The range of local_data_ids to try (0 - n)
```


![](poc.gif)

File Snapshot


 [4.0K]  /data/pocs/d9da90d5d69aaf5fc22f2a772785a19ed30050ef
├── [2.7K]  CVE-2022-46169.py
├── [ 18K]  LICENSE
├── [ 61K]  poc.gif
└── [ 743]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!