Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-24716 PoC — Icinga Web 2 路径遍历漏洞

Source
https://github.com/antisecc/CVE-2022-24716
Associated Vulnerability
Title:Icinga Web 2 路径遍历漏洞 (CVE-2022-24716)
Description:Icinga Web 2是一个应用软件。Icinga Web 2是Icinga Project开发的下一代开源监控 Web 界面、框架和命令行界面,支持 Icinga 2、Icinga Core 和任何其他兼容 IDO 数据库的监控后端。 Icinga Web 2 存在路径遍历漏洞,该漏洞源于未经认证的Icinga Web 2 用户可以泄露web-server用户可以访问的本地系统文件的内容,包括带有数据库凭据的“icingaweb2”配置文件。
Readme
# CVE-2022-24716

Icinga Web 2 is a software application that monitors computer systems and networks. It has a web interface that allows users to view and manage system resources. However, there is a vulnerability in Icinga Web 2 that allows unauthenticated users to access files on the system that are accessible to the web server user. This includes configuration files for Icinga Web 2 that contain database credentials. This vulnerability has been fixed in versions 2.9.6 and 2.10 of Icinga Web 2. However, if you are using an older version, you should upgrade to a newer version and rotate your database credentials.
File Snapshot

 [4.0K]  /data/pocs/e54b56df2e52116902694e5c83ca58234089162e
├── [1.6K]  CVE-2022-24716..py
└── [ 622]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.