关联漏洞
标题:
Apache CloudStack 安全漏洞
(CVE-2024-41107)
描述:Apache CloudStack是美国阿帕奇(Apache)基金会的一套基础架构即服务(IaaS)云计算平台。该平台主要用于部署和管理大型虚拟机网络。 Apache CloudStack存在安全漏洞,该漏洞源于身份验证不强制执行签名检查,攻击者可以通过提交没有签名的欺骗SAML响应以及启用SAML的CloudStack用户帐户来绕过SAML身份验证。
描述
This repository contains an PoC for the critical vulnerability identified as CVE-2024-41107 in Apache CloudStack
介绍
<div align="center">
# 🇮🇱 **#BringThemHome #NeverAgainIsNow** 🇮🇱
**We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home.
https://stories.bringthemhomenow.net/**
</div>
# 🚀 CVE-2024-41107 Exploit 🚀
This repository contains an exploit for the critical vulnerability identified as **CVE-2024-41107** in Apache CloudStack. This vulnerability affects versions **4.5.0 through 4.18.2.1** and **4.19.0.0 through 4.19.0.2**. The flaw lies within the Security Assertion Markup Language (SAML) authentication mechanism, allowing attackers to submit unsigned SAML responses to gain unauthorized access to user accounts and control over cloud resources.
## ⚠️ Disclaimer ⚠️
This code is for **educational purposes only**. Unauthorized access to computer systems is illegal and unethical. Use this information responsibly and within the boundaries of the law.
## ✨ Features ✨
- Exploits the SAML authentication vulnerability in Apache CloudStack
- Bypasses signature checks to gain unauthorized access
- Demonstrates the critical nature of CVE-2024-41107
## 🛠️ Requirements 🛠️
- Python 3.x
- `requests` library
- `beautifulsoup4` library
Install the required libraries using:
```bash
pip install requests beautifulsoup4
```
## 📄 Usage 📄
1. **Clone the repository:**
```bash
git clone https://github.com/d0rb/CVE-2024-41107/PoC.git
cd cve-2024-41107-exploit
```
2. **Edit the Exploit Code:**
Update the `url` and `saml_response_template` variables in `exploit.py` with the target CloudStack instance and your SAML issuer details.
3. **Run the Exploit:**
```bash
python exploit.py
```
4. **Check the Response:**
If successful, the script will print the session ID indicating unauthorized access.
## 🔒 Mitigation 🔒
To mitigate this vulnerability, users are advised to:
- Disable SAML authentication by setting the `saml2.enabled` global setting to `false`.
- Upgrade to the patched versions **4.18.2.2** or **4.19.1.0** released by Apache.
- Review access logs for signs of exploitation.
---
⚠️ **Disclaimer:** This code is for educational purposes only. Unauthorized use of this code is illegal. Always ensure you have permission before testing against any system.
文件快照
[4.0K] /data/pocs/cefefa8a1a80dfa95e6cccb0bf906cf707820d50
├── [3.4K] PoC.py
└── [2.3K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。