关联漏洞
描述
CVE-2023-30765 / ZDI-23-905 - Delta Electronics Infrasuite Device Master Privilege Escalation
介绍
# CVE-2023-30765
CVE-2023-30765 / ZDI-23-905 - Delta Electronics Infrasuite Device Master Privilege Escalation
Bug credit: Piotr Bazydlo (@chudypb) <br>
Links:
- https://www.zerodayinitiative.com/advisories/ZDI-23-905/
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01
### Usage
```
python3 cve-2023-30765.py -h
usage: cve-2023-30765.py [-h] -i TARGET [-p PORT] [-t] [--user USER] [--pass PWD] [-b]
Delta Electronics Infrasuite Device Master Privilege Escalation (CVE-2023-30765)
optional arguments:
-h, --help show this help message and exit
-i TARGET, --target TARGET
Target Infrasuite instance
-p PORT, --port PORT Target webservice port (default:80)
-t, --tls Target webservice has tls (default:false)
--user USER Account to escalate
--pass PWD Account password
-b, --brute Brute-force default user:pass pairs
```
### FYI
Couldnt find a way to enumerate group contents so this just adds the given user to the admins group with the original administrator. Might be temperamental for other users in that group. ymmv, yolo.
文件快照
[4.0K] /data/pocs/abfc4b22a0fb46ea00b2507da113b8a4f07ab083
├── [8.6K] cve-2023-30765.py
└── [1.1K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。