CVE-2022-24990 PoC — TerraMaster TOS 访问控制错误漏洞

Source

https://github.com/0xf4n9x/CVE-2022-24990

Associated Vulnerability

Title:TerraMaster TOS 访问控制错误漏洞 (CVE-2022-24990)
Description:TerraMaster TOS是中国铁威马（TerraMaster）公司的一款基于Linux平台的，专用于erraMaster云存储NAS服务器的操作系统。 Terramaster TOS 4.2.29版本存在访问控制错误漏洞，该漏洞源于api.php脚本中的webNasIPS 组件中的输入验证不正确。未经身份验证的攻击者可以发送特殊数据利用该漏洞并在目标系统上执行任意命令。

Description

CVE-2022-24990 TerraMaster TOS unauthenticated RCE via PHP Object Instantiation

Readme

# CVE-2022-24990
> CVE-2022-24990 TerraMaster TOS unauthenticated RCE via PHP Object Instantiation

## Usage

Vulnerability Detection.

```bash
python CVE-2022-24990.py -u http://127.0.0.1:8080
```

Upload a PHP webshell.

```bash
python CVE-2022-24990.py -a http://127.0.0.1:8080
```

![use](./imgs/use.jpg)

## Reference

- https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/

- http://wiki.peiqi.tech/wiki/webapp/TerraMaster/TerraMaster%20TOS%20createRaid%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-24990.html

File Snapshot


 [4.0K]  /data/pocs/dd1230fe0a2ad5cbdf8f0b65e68a436a298d8a98
├── [5.1K]  CVE-2022-24990.py
├── [4.0K]  imgs
│   └── [1.5M]  use.jpg
└── [ 640]  README.md

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!