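Related vulnerability
Title: Progress Flowmon security vulnerability (CVE-2024-2389)
Description: Progress Flowmon is a real-time network traffic monitoring tool from Progress. Progress Flowmon 11.x versions before 11.1.14 and 12.x versions before 12.3.5 contain an operating system command injection vulnerability: an unauthenticated user can access the system through the management interface and thereby execute arbitrary system commands.
Introduction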
# Progress Kemp Flowmon CVE-2024-2389
## Description
This repository contains a Python script to exploit a vulnerability in Flowmon that allows for gaining a reverse shell on the target system. The exploit leverages a flaw in the `service.pdfs/confluence` endpoint to execute arbitrary commands on the server, resulting in a reverse shell connection.
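For defenders, a log triage sketch that lists every request to the endpoint named above and raises severity when the decoded query string carries shell metacharacters. It is an added example, not code from this repository; the combined access-log format, the `PLACEHOLDER` parameter name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus, urlsplit

# Endpoint named in the README above.
ENDPOINT = "/service.pdfs/confluence"
# Shell command substitution / chaining characters, checked after URL decoding.
SHELL_META = re.compile(r"[`;|\n]|\$[({]")
# Assumption: the web server writes Apache/nginx "combined" format access logs.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, placeholder parameter name).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2024:10:02:11 +0000] "GET /service.pdfs/confluence?PLACEHOLDER=report HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.9 - - [01/May/2024:10:05:43 +0000] "GET /service.pdfs/confluence?PLACEHOLDER=%24%28MARKER%29 HTTP/1.1" 200 0 "-" "python-requests/2.31"',
    '192.0.2.15 - - [01/May/2024:10:06:00 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

def triage(lines):
    """Return one finding per request that touched the endpoint."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the assumed log format
        parts = urlsplit(m["target"])
        if ENDPOINT not in unquote(parts.path):
            continue
        # Decode twice so double-encoded metacharacters are still seen.
        query = unquote_plus(unquote_plus(parts.query))
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),
            "severity": "high" if SHELL_META.search(query) else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Because the vulnerability is reachable without authentication, any hit on this endpoint from outside the management network deserves review even when the severity is not `high`.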
## Usage
1. Clone the repository to your local machine:
```bash
git clone https://github.com/adhikara13/CVE-2024-2389.git
```
2. Navigate to the cloned directory:
```bash
cd CVE-2024-2389
```
3. Run the Python script:
```bash
python main.py
```
4. Follow the prompts to input the Flowmon host, your IP address, and the desired port.
## Disclaimer
This exploit is for educational purposes only. Unauthorized use of this script against systems you do not own or have explicit permission to test is illegal and unethical. Use at your own risk.
## Requirements
- Python 3.x
- Requests library (`pip install requests`)
## Contributing
Contributions are welcome! Feel free to submit pull requests or open issues for any improvements, bug fixes, or suggestions.
File snapshot
[4.0K] /data/pocs/f00243dfc3eacbcfe44c4b90fc6fe4c34200f7c1
├── [ 11K] LICENSE
├── [1019] main.py
└── [1.1K] README.md
0 directories, 3 files