关联漏洞
标题:Cacti 安全漏洞 (CVE-2024-25641)Description:Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据,使用RRDtool绘画图形进行分析,并提供数据和用户管理功能。 Cacti 1.2.27之前版本存在安全漏洞,该漏洞源于存在任意文件写入漏洞,允许经过身份验证的用户在Web服务器上执行任意PHP代码。
介绍
# CVE-2024-25641 Exploit for Cacti 1.2.26
Exploiting CVE-2024-25641 on Cacti 1.2.26. When a user is authenticated, an arbitrary file write vulnerability allows Remote Code Execution (RCE).
---
## Overview
This script automates the process of exploiting **CVE-2024-25641** in **Cacti 1.2.26**. The vulnerability allows authenticated users with the `Import Templates` permission to achieve **Remote Code Execution (RCE)** via the `Package Import` feature.
📌 **Original Advisory:** [GitHub Security Advisory](https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88)
----
## Features
- ✅ **Fully Automated Exploitation**: Simplifies the attack process.
- ⚡ **Flexible Targeting**: Easily configure target URL, credentials, and payload.
- 📦 **Dependency Management**: Ensure smooth installation via `requirements.txt`.
## Prerequisites
Ensure you have the following installed:
- 🐍 **Python 3.x**
- 📜 Required Python modules (install via `requirements.txt`)
## Installation
Clone the repository:
```sh
git clone https://github.com/regantemudo/CVE-2024-25641-Exploit-for-Cacti-1.2.26.git
cd CVE-2024-25641-Exploit-for-Cacti-1.2.26
```
Install dependencies:
```sh
pip install -r requirements.txt
```
## Usage
### 🚀 Prepare Your PHP Payload
By default, the script uses `./php/reverse_shell.php` as the payload. Modify the IP address and port inside the PHP script accordingly.
### 🔥 Run the Exploit
```sh
python3 cacti_exploit.py <URL> <username> <password> [-p <payload_path>]
```
#### Arguments:
- 🌍 `URL`: The target Cacti URL.
- 👤 `username`: Login username.
- 🔑 `password`: Login password.
- 🛠️ `-p/--payload`: (Optional) Path to a custom PHP payload (default: `./php/reverse_shell.php`).
### ⚡ Execute the Payload
Once the script successfully uploads the PHP payload, execute it via the browser or directly through the script.
## Project Structure
```
CVE-2024-25641-Exploit-for-Cacti-1.2.26/
│── php/
| ├── reverse_shell.php
│── README.md
│── cacti_exploit.py
│── requirements.txt
```
## ⚠️ Disclaimer
This tool is strictly for **educational and authorized penetration testing**. Unauthorized use is illegal and may lead to severe consequences. The authors hold no responsibility for any misuse or damage caused by this software.
文件快照
[4.0K] /data/pocs/0fad1ed16e4cc343122c00b6b0c8f86997981598
├── [4.6K] cacti_exploit.py
├── [4.0K] php
│ └── [5.4K] reverse_shell.php
├── [2.3K] README.md
└── [ 185] requirements.txt
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →