### [CVE-2024-41570](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41570)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.

### POC

#### Reference
- https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/

#### Github
- https://github.com/EndermanSUPREME/Havoc-C2-SSRF-to-RCE-POC
- https://github.com/HimmeL-Byte/CVE-2024-41570-SSRF-RCE
- https://github.com/Michael-Meade/Links-Repository
- https://github.com/Nicolas-Arsenault/Havoc-C2-RCE-2024
- https://github.com/chebuya/Havoc-C2-SSRF-poc
- https://github.com/dxlerYT/Havoc-C2-RCE-2024
- https://github.com/kit4py/CVE-2024-41570
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/sebr-dev/Havoc-C2-SSRF-to-RCE
- https://github.com/thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE