Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2024-3640 PoC — Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables

Source
https://github.com/H1ng007/CVE-2024-3640_WafBypass
Associated Vulnerability
Title:Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables (CVE-2024-3640)
Description:An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.
Description
CVE-2024-3640绕过Waf进行漏洞利用
Readme
CVE-2024-3640 WafBypass woodpacker插件利用
绕过方式其实就是插入xml注释符进行关键字绕过。

延时检测
![image](https://github.com/user-attachments/assets/7d55d3e0-b3c9-4a0b-a457-28b51fa7af29)

回显命令执行
![image](https://github.com/user-attachments/assets/34fac943-cf8b-49f9-a79e-29d6733f6895)

自定义内存马
![image](https://github.com/user-attachments/assets/757ac07d-53a7-4b77-b6d3-070805af20bf)
File Snapshot

 [4.0K]  /data/pocs/e7f4ac7bf1bed90ace30e32caed8bd22dfe805e6
├── [1.4K]  pom.xml
├── [ 439]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            └── [4.0K]  me
                └── [4.0K]  gv7
                    └── [4.0K]  woodpecker
                        └── [4.0K]  plugin
                            ├── [4.0K]  exploit
                            │   └── [ 28K]  GeoserverlRceExp.java
                            ├── [1.5K]  GeoserverVulPlugin.java
                            ├── [4.0K]  pocs
                            │   └── [3.7K]  GeoserverlRcePoc.java
                            └── [ 375]  WoodpeckerPluginManager.java

9 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →