# CVE-2024-1212 - Progress Kemp LoadMaster Unauthenticated Command Injection
This is an exploit script for **CVE-2024-1212**, an **unauthenticated command injection vulnerability** in **Progress Kemp LoadMaster**.
---
## Vulnerability Summary
**CVE-2024-1212** affects **Progress Kemp LoadMaster**, allowing **unauthenticated attackers** to execute arbitrary commands on the system via a crafted HTTP request to the `/access/set` endpoint.
## Features
- Unauthenticated Remote Command Execution (RCE)
- Randomized `User-Agent` headers to avoid basic detection
- Proxy support for Burp/ZAP interception (`-p`)
- Output logging to file (`-o`)
## Usage
```bash
python3 cve_2024_1212_exploit.py -u <TARGET_URL> -c <COMMAND>
```
## Options
| Argument | Description |
| ----------------- | ------------------------------------------------------------------ |
| `-u`, `--url` | Target base URL (e.g., `http://192.168.1.1`) **\[REQUIRED]** |
| `-c`, `--command` | Command to execute (default: `id`) |
| `-p`, `--proxy` | Proxy URL (e.g., `http://127.0.0.1:8080`) for intercepting traffic |
| `-o`, `--output` | Save the output to a file (e.g., `result.txt`) |
---
### Example
```bash
python3 cve_2024_1212_exploit.py -u http://192.168.100.1 -c "uname -a" -p http://127.0.0.1:8080 -o output.txt
```
---
<img width="1351" height="257" alt="1" src="https://github.com/user-attachments/assets/a5a1dee8-f532-4b23-8be6-85f33ec3356f" />
---
### Request/Response
<img width="1365" height="403" alt="2" src="https://github.com/user-attachments/assets/9bdb5d5c-f0c3-49ab-ac3f-c7aba60204e2" />
## ⚠️ DISCLAIMER
This script is provided for **educational and authorized security testing** purposes only.
---
## Official Channels
- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)
[4.0K] /data/pocs/6283f959205ef22400ac791a609f389dcca55e7b
├── [2.9K] cve_2024_1212_exploit.py
└── [1.9K] README.md
0 directories, 2 files