POC详情: b6d91f5232179bb9ddb0d8cb5d3fdd50fc2a551e

来源
https://github.com/nscan9/CVE-2024-54761-BigAnt-Office-Messenger-5.6.06-RCE-via-SQL-Injection
关联漏洞
标题: BigAntSoft BigAnt office messenger 安全漏洞 (CVE-2024-54761)
描述:BigAntSoft BigAnt office messenger是澳大利亚BigAntSoft公司的一个针对企业环境的服务器/客户端即时消息程序。 BigAntSoft BigAnt office messenger 5.6.06版本存在安全漏洞。攻击者利用该漏洞可以通过“dev_code”参数进行 SQL 注入攻击。
介绍
# CVE-2024-54761 BigAnt Office Messenger 5.6.06 RCE via SQL Injection
The SQL injection vulnerability in BigAnt Messenger causes the RCE vulnerability
# Exploit
We extract the database version used in the 'dev_code' parameter exposed to SQL injection
![SQLI version](https://github.com/user-attachments/assets/109a800c-af76-4a0b-9b42-0f03d0a9acbe)
Thanks to the wrong configuration in SQL, we can upload webshell to the target using SQL stack queries.
![crate webshell 1](https://github.com/user-attachments/assets/258f0ae0-8c8e-4b09-b454-fcd4339d877c)
Proof of command injection:
![whoami](https://github.com/user-attachments/assets/94c2bf8e-6ba3-4329-aeaa-44215f88fed0)
![command dir](https://github.com/user-attachments/assets/07320b55-01c7-4e34-8d26-4b3a0d62d817)
# Timeline
31-10-2024: Submitted vulnerabilities to vendor via email

31-10-2024: Emailed vendor, no response

15-11-2024: Emailed vendor, no response

15-11-2024: Requested CVEs
# Reference
https://www.bigantsoft.com
文件快照

 [4.0K]  /data/pocs/b6d91f5232179bb9ddb0d8cb5d3fdd50fc2a551e
└── [ 986]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。