CVE-2024-2053 PoC — Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Associated Vulnerability
Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability (CVE-2024-2053)
Description: The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
Description
CVE-2024-2053
Readme
<h1 align="center">LFI to RCE Exploit via Log Poisoning</h1>

<div align="center">
  <strong>Python3 exploit for CVE-2024-2053 (Artica Proxy)</strong>
</div>

<h2>📝 Description</h2>
<p>This Python3 script exploits Local File Inclusion (LFI) vulnerabilities to achieve Remote Code Execution (RCE) through log poisoning techniques. Specifically designed for Artica Proxy (CVE-2024-2053) but adaptable to other LFI scenarios.</p>

<h2>⚡ Features</h2>
<ul>
  <li>Multiple LFI test vectors (<code>/etc/passwd</code>, <code>/proc/self/environ</code>)</li>
  <li>4 different PHP payload variants for evasion</li>
  <li>Automatic webshell deployment</li>
  <li>Proxy support (Burp/OWASP ZAP)</li>
  <li>SSL verification toggle</li>
  <li>Verbose debugging mode</li>
</ul>

<h2>🛠️ Installation</h2>
<pre><code>git clone https://github.com/yourusername/artica-lfi-rce.git
cd artica-lfi-rce
pip3 install -r requirements.txt</code></pre>

<h2>🚀 Usage</h2>
<pre><code>python3 artica.py &lt;target_url&gt; &lt;endpoint&gt; [options]

<b>Basic:</b>
python3 artica.py http://vulnerable.com /images.listener.php

<b>With proxy:</b>
python3 artica.py https://target.com:9000 /vuln.php -p http://127.0.0.1:8080

<b>Verbose mode:</b>
python3 artica.py http://victim.com /endpoint.php -v

<b>Ignore SSL errors:</b>
python3 artica.py https://self-signed.com /path.php --no-verify</code></pre>

<h2>🎯 Technical Details</h2>
<table>
  <tr>
    <th>Component</th>
    <th>Description</th>
  </tr>
  <tr>
    <td>Payloads</td>
    <td>
      <ul>
        <li>File writer (<code>file_put_contents</code>)</li>
        <li>Base64 decoder variant</li>
        <li>Compact function caller</li>
      </ul>
    </td>
  </tr>
  <tr>
    <td>Injection Points</td>
    <td>User-Agent, Referer, Cookies, GET parameters</td>
  </tr>
  <tr>
    <td>Webshell</td>
    <td>Randomized filename (<code>shell_[TIMESTAMP].php</code>)</td>
  </tr>
</table>
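
For defenders, the injection points and artifacts in the table above leave traces in web-server access logs. The following is an added example, not part of the original repository: it scans combined-format log lines for PHP code in the request, Referer and User-Agent fields, for the two LFI test paths, and for the `shell_[TIMESTAMP].php` name. The log format, the sample lines and the `PLACEHOLDER` parameter name are constructed assumptions; cookies are not part of the combined format and would need a custom log field.

```python
import re
from urllib.parse import unquote

# Quoted log field; Apache writes an embedded double quote as \" (assumed format).
Q = r'"((?:[^"\\]|\\.)*)"'
# Combined log format: ip ident user [ts] "request" status size "referer" "agent"
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] ' + Q + r' \d{3} \S+ ' + Q + ' ' + Q + r'$')
FIELDS = ("request", "referer", "agent")

RULES = {
    # PHP open tag or the payload functions named in the README's table
    "php_code_in_log_field": re.compile(
        r"<\?(?:php|=)|\b(?:file_put_contents|base64_decode)\s*\(", re.I),
    # traversal sequences and the README's two LFI test files
    "lfi_probe": re.compile(r"\.\./|/etc/passwd|/proc/self/environ", re.I),
    # webshell naming scheme from the README: shell_[TIMESTAMP].php
    "webshell_name": re.compile(r"/shell_\d+\.php\b", re.I),
}

def normalize(value):
    """URL-decode repeatedly (max 3 passes) so encoding does not hide a match."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return sorted 'rule:field' strings for one access-log line."""
    m = LINE_RE.match(line.strip())
    # A line that does not parse is scanned whole rather than skipped.
    fields = dict(zip(FIELDS, m.groups())) if m else {"raw": line}
    return sorted(f"{rule}:{field}" for field, value in fields.items()
                  for rule, rx in RULES.items() if rx.search(normalize(value)))

def scan_log(text):
    """Return [(line_number, hits)] for every line with at least one hit."""
    numbered = ((n, scan_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, hits) for n, hits in numbered if hits]

# Constructed sample lines (documentation IP range, placeholder parameter name).
SAMPLE_LOG = r'''203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:02:10 +0000] "GET /images.listener.php?PLACEHOLDER=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1833 "-" "curl/8.4.0"
203.0.113.9 - - [12/Mar/2024:10:02:31 +0000] "GET /images.listener.php HTTP/1.1" 200 0 "-" "<?php echo \"t\"; ?>"
203.0.113.9 - - [12/Mar/2024:10:03:05 +0000] "GET /shell_1710237785.php HTTP/1.1" 200 12 "-" "curl/8.4.0"
'''

if __name__ == "__main__":
    for lineno, hits in scan_log(SAMPLE_LOG):
        print(lineno, hits)
```

A hit on `webshell_name` with a 200 status, preceded by `php_code_in_log_field` from the same client, is the sequence worth escalating first.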

<h2>⚠️ Legal Disclaimer</h2>
<p><em>This tool is provided for educational and authorized penetration testing purposes only. The developer assumes no liability and is not responsible for any misuse or damage caused by this program.</em></p>

<h2>📜 License</h2>
<p>MIT License - Copyright (c) 2024</p>
File Snapshot

[4.0K] /data/pocs/d380e1c9245cb19907acec28f2116d84a3164e72
├── [5.8K] CVE-2024-2053.py
├── [1.8K] CVE-2024-2053.yaml
├── [1.0K] LICENSE
├── [2.2K] README.md
└── [ 262] requirements.txt

0 directories, 5 files