CVE-2022-46169 PoC — Cacti 命令注入漏洞

Source

https://github.com/alv-david/CVE-2022-46169-Cacti-1.2.22

Associated Vulnerability

Title:Cacti 命令注入漏洞 (CVE-2022-46169)
Description:Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据，使用RRDtool绘画图形进行分析，并提供数据和用户管理功能。 Cacti v1.2.22版本存在命令注入漏洞，该漏洞源于未经身份验证的命令注入，允许未经身份验证的用户在运行Cacti的服务器上执行任意代码。

Description

Find out a modified Cacti public exploit!

Readme

# CVE-2022-46169
This exploit is a modified version from the original script by @FredBrave and adapted by @arthurcortesr and @alv-david. 

## Usage/Examples

```python
python3 CVE-2022-46169.py -u http://XX.XX.XX.XX --LHOST XX.XX.XX.XX --LPORT XXXX --host-id X --local-id X
```
## Expected results
```
[*] Testing host_id=X, local_data_id=XX...
[+] Found working combination: host_id=X, local_data_id=X
[*] Payload sent successfully! Check your listener.
```
## Authors

- [@FredBrave](https://github.com/FredBrave)
- [@arthurcortesr](https://www.linkedin.com/in/arthurcortesr/)
- [@alv-david](https://www.linkedin.com/in/alv-david/)

File Snapshot


 [4.0K]  /data/pocs/eb4f04a81e6ef4a14690194469e1bfe5cbda3148
├── [3.5K]  CVE-2022-46169.py
└── [ 635]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!