Related vulnerability
Description
How to "recover" a CloudPanel server affected by the CVE-2024-44765 vulnerability
Introduction
# [CVE-2024-44765](https://nvd.nist.gov/vuln/detail/CVE-2024-44765) is an Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel versions 2.0.0 to 2.4.2
1. Follow instructions in every folder (this should be done locally)
2. Reset Passwords and Access
```bash
# for root
$ sudo passwd root
# while for users
$ getent passwd | grep -vE "nologin|false" | cut -d: -f1
$ sudo passwd <username>
```
3. Remove Unauthorized Access
```bash
$ getent passwd | grep -vE "nologin|false" | cut -d: -f1
$ sudo userdel <username>
```
2. Upload `/tmp/cloudpanel/` to `/tmp/cloudpanel/`
3. Run `clp-update`
You will see an error at the end
```bash
+ cp /tmp/cloudpanel/data/motd/10-cloudpanel /etc/update-motd.d/10-cloudpanel
cp: cannot stat '/tmp/cloudpanel/data/motd/10-cloudpanel': No such file or directory
dpkg: error processing package cloudpanel (--configure):
installed cloudpanel package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
cloudpanel
E: Sub-process /usr/bin/dpkg returned an error code (1)
CloudPanel has been updated to v2.5.0
```
Despite the dpkg error, the line you want to see at the end is `CloudPanel has been updated to v2.5.0`. You can now export your databases and data files using the panel.
4. Follow security recommendations here https://github.com/EagleTube/CloudPanel/blob/main/README.md
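
An added example for the "Reset Passwords and Access" and "Remove Unauthorized Access" steps (not part of the original repository): the `grep -vE "nologin|false"` filter above matches anywhere in the line, so this version tests only the shell field and flags accounts that deserve a closer look before you run `passwd` or `userdel`. The function name `audit_accounts` and the flag labels are made up for this example.

```bash
#!/bin/sh
# Added example: list login-capable accounts for review before running
# `passwd` or `userdel`. Input is passwd(5) format:
#   name:password:uid:gid:gecos:home:shell
# Usage: audit_accounts          # live system, via `getent passwd`
#        audit_accounts FILE     # a saved copy of the passwd database
# Output per account: name uid home shell flags   ("-" means no flags)

audit_accounts() {
  if [ -n "${1:-}" ]; then cat -- "$1"; else getent passwd; fi |
  while IFS=: read -r name pw uid _gid _gecos home shell; do
    # Test the shell field only, so "false" or "nologin" in a user name
    # or comment cannot hide an account from the list.
    case "${shell##*/}" in
      nologin|false) continue ;;
    esac
    flags=""
    # A second UID 0 account has full root privileges under another name.
    if [ "$uid" = "0" ] && [ "$name" != "root" ]; then
      flags="$flags,uid0-not-root"
    fi
    # An empty password field means no password is required to log in.
    if [ -z "$pw" ]; then
      flags="$flags,empty-passwd-field"
    fi
    # SSH keys survive a password reset and need separate review.
    if [ -s "$home/.ssh/authorized_keys" ]; then
      flags="$flags,has-authorized-keys"
    fi
    flags="${flags#,}"
    # An empty shell field means the default /bin/sh.
    printf '%s %s %s %s %s\n' \
      "$name" "$uid" "$home" "${shell:-/bin/sh}" "${flags:--}"
  done
}
```

Run it as root so the `authorized_keys` check can read every home directory; an account you do not recognise is a candidate for step 3, and a flagged one needs its keys reviewed even after a password reset.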
### Note
- If your CloudPanel installation is compromised due to the CVE-2024-44765 vulnerability, updating to the latest version of CloudPanel should patch the vulnerability. However, you should either use the tools at https://github.com/josephgodwinkimani/install-cloudpanel or install afresh (recommended).
- Since this vulnerability allows an unauthenticated remote attacker to exploit the misconfiguration, potentially leading to arbitrary code execution, data tampering, or full system compromise, the best course of action is always to recover from a trusted backup and update the CloudPanel installation from that point.
- You can scan your server before following the instructions in this repo https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online
File snapshot
```
[4.0K] /data/pocs/3888f624dbfc38450e54cae8672a8e57d25c0a62
├── [2.2K] README.md
├── [4.0K] tmp
│   └── [4.0K] cloudpanel
│       └── [4.0K] data
│           └── [4.0K] cloudpanel
│               ├── [4.0K] data
│               │   └── [ 122] README.md
│               ├── [4.0K] files
│               │   └── [ 108] README.md
│               └── [ 123] README.md
└── [ 507] version_checker.sh

6 directories, 5 files
```