CVE-2024-1709 PoC — ConnectWise ScreenConnect 安全漏洞

Source

https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass

Associated Vulnerability

Title:ConnectWise ScreenConnect 安全漏洞 (CVE-2024-1709)
Description:ConnectWise ScreenConnect是ConnectWise公司的一种自托管远程桌面软件应用程序。 ConnectWise ScreenConnect 23.9.7及之前版本存在安全漏洞，该漏洞源于受到使用备用路径或通道绕过身份验证的影响，可能允许攻击者直接访问机密信息或关键系统。

Readme

# ConnectWise ScreenConnect: Authentication Bypass

## Introduction
This project aims to exploit an authentication bypass vulnerability in ConnectWise ScreenConnect. It provides a script to demonstrate the exploit. Please ensure you have the necessary permissions before attempting to use this script.

## Usage

```bash
python exploit.py [options]
```

### Options:
- `--username`: Username to add (**Required**).
- `--password`: Password to add (**Required**).
- `--urls`: Path to the file containing URLs.
- `--url`: Run only on this URL.

Note: Either `--urls` or `--url` is required.

## Example
```bash
python exploit.py --username admin --password p@ssw0rd --urls urls.txt
python exploit.py --username admin --password p@ssw0rd --url 'http://127.0.0.1/'
```

## Disclaimer
This project is for educational purposes only. Use it at your own risk. The authors do not take any responsibility for its misuse.

File Snapshot


 [4.0K]  /data/pocs/eac2884206c4f0a90ce9e35e94592e2776b91481
├── [3.8K]  exploit.py
└── [ 911]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!