支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: f8cf088771e14ca41717c660cf396764ea5deb48

来源
https://github.com/nettitude/CVE-2024-25153
关联漏洞
标题:FileCatalyst Workflow Web Portal 安全漏洞 (CVE-2024-25153)
Description:FileCatalyst Workflow Web Portal是FileCatalyst公司的一个基于 Web 的应用程序。 FileCatalyst Workflow Web Portal 5.1.6 Build 114之前版本存在安全漏洞,该漏洞源于存在路径遍历漏洞。攻击者可利用该漏洞通过特制的POST请求将文件上传到uploadtemp目录之外。
Description
Proof-of-concept exploit for CVE-2024-25153.
介绍
# CVE-2024-25153
This is a proof of concept for CVE-2024-25153, a Remote Code Execution vulnerability in Fortra FileCatalyst Workflow 5.x, before 5.1.6 Build 114.

Full technical details can be found at [https://labs.nettitude.com/blog/cve-2024-25153-remote-code-execution-in-fortra-filecatalyst](https://labs.nettitude.com/blog/cve-2024-25153-remote-code-execution-in-fortra-filecatalyst)

## Usage
Run the exploit using the following command:
```
CVE-2024-25153.py --host <hostname> --port <port> --url <url> --cmd <command>
```

Only the `--host` argument is required, and others are optional. Use the `--help` argument for full usage instructions.

## Disclaimer
This proof-of-concept is for demonstration purposes and should not be used for illegal activities. LRQA Nettitude are not responsible for any damage caused by the use or misuse of this code.
文件快照

 [4.0K]  /data/pocs/f8cf088771e14ca41717c660cf396764ea5deb48
├── [3.7K]  CVE-2024-25153.py
├── [ 34K]  LICENSE
├── [ 857]  README.md
└── [  33]  requirements.txt

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。