CVE-2022-24637 PoC — Open Web Analytics Server 安全漏洞

Source

https://github.com/Lay0us1/CVE-2022-24637

Associated Vulnerability

Title:Open Web Analytics Server 安全漏洞 (CVE-2022-24637)
Description:Open Web Analytics Server是用于Google Analytics 等商业 Web 分析工具的开源替代方案。 Open Web Analytics 1.7.4版本存在安全漏洞，该漏洞源于使用 php 生成的文件（而不是预期的 php 序列）不是由 PHP 解释器处理的。未经身份验证的攻击者可以通过缓冲哈希利用该漏洞获取敏感用户信息和管理员权限。

Description

Unauthenticated RCE in Open Web Analytics (OWA) 1.7.3

Readme

# CVE-2022-24637
Exploit for the Unauthenticated RCE in Open Web Analytics (OWA) 1.7.3. This work is based on https://devel0pment.de/?p=2494.

DISCLAIMER: This script is made to audit the security of systems. Only use this script on your own systems or on systems you have written permission to exploit.

File Snapshot


 [4.0K]  /data/pocs/f7de6f2a7d7593eec7c9444fce14a179d011d4c9
├── [8.1K]  exploit.py
└── [ 304]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!