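POC details: e70e0325017cadb4cdf4caefa845d0671e7ecfd7

Source
Related vulnerability
Title: Aviatrix Controller OS command injection vulnerability (CVE-2024-50603)
Description: Aviatrix Controller is an application from the US company Aviatrix. It uses cloud providers' APIs to extend and control native constructs, extending their functionality and integrating them into the software. Aviatrix Controller versions before 7.1.4191 and 7.2.x versions before 7.2.4996 contain a vulnerability caused by improper neutralization of special elements in an operating system command, which allows an unauthenticated attacker to execute arbitrary code.
Description
CVE-2024-50603: Aviatrix Controller Unauthenticated Command Injection
Introduction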
# CVE-2024-50603: Aviatrix Controller Unauthenticated Command Injection

CVEHunter is a vulnerability detection and exploitation tool for CVE-2024-50603 with asynchronous performance.

<h1 align="center">
  <img src="https://github.com/user-attachments/assets/6f360b42-bd54-4e88-a4fd-aca25ffa9d7a" width="2000px">
  <br>
</h1>


### Installation

```bash
git clone https://github.com/th3gokul/CVE-2024-50603.git
cd CVE-2024-50603
pip install -r requirements.txt
python3 cvehunter.py --help
```

```bash
python3 cvehunter.py -h

 ▄████▄ ██▒   █▓▓█████  ██░ ██  █    ██  ███▄    █ ▄▄▄█████▓▓█████  ██▀███  
▒██▀ ▀█▓██░   █▒▓█   ▀ ▓██░ ██▒ ██  ▓██▒ ██ ▀█   █ ▓  ██▒ ▓▒▓█   ▀ ▓██ ▒ ██▒
▒▓█    ▄▓██  █▒░▒███   ▒██▀▀██░▓██  ▒██░▓██  ▀█ ██▒▒ ▓██░ ▒░▒███   ▓██ ░▄█ ▒
▒▓▓▄ ▄██▒▒██ █░░▒▓█  ▄ ░▓█ ░██ ▓▓█  ░██░▓██▒  ▐▌██▒░ ▓██▓ ░ ▒▓█  ▄ ▒██▀▀█▄  
▒ ▓███▀ ░ ▒▀█░  ░▒████▒░▓█▒░██▓▒▒█████▓ ▒██░   ▓██░  ▒██▒ ░ ░▒████▒░██▓ ▒██▒
░ ░▒ ▒  ░ ░ ▐░  ░░ ▒░ ░ ▒ ░░▒░▒░▒▓▒ ▒ ▒ ░ ▒░   ▒ ▒   ▒ ░░   ░░ ▒░ ░░ ▒▓ ░▒▓░
  ░  ▒    ░ ░░   ░ ░  ░ ▒ ░▒░ ░░░▒░ ░ ░ ░ ░░   ░ ▒░    ░     ░ ░  ░  ░▒ ░ ▒░
░           ░░     ░    ░  ░░ ░ ░░░ ░ ░    ░   ░ ░   ░         ░     ░░   ░ 
░ ░          ░     ░  ░ ░  ░  ░   ░              ░             ░  ░   ░     
░           ░                                                               
   CVE-2024-50603                      @th3gokul & @th3sanjai

[Description]: Vulnerability Detection and Exploitation tool for CVE-2024-34102

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or domain for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs for vulnerability detection
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request via your proxy
  -v, --verbose         [INF]: Increases verbosity of output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output of vulnerable target]
```

### Reference
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/

### About:

The CVEHunter tool is an exploitation tool for CVE-2024-34102, and the developers of the tool are:
   - [Th3Gokul @RevoltSecurities](https://www.linkedin.com/in/gokul-v-13455521a/)
   - [Th3sanjai @RevoltSecurities](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/)

We especially thank [bebik](https://github.com/bebiksior) and his [SSRF](ssrf.cvssadvisor.com/) tool, which helped our research and exploitation of CVE-2024-50603 by letting us observe callbacks and pings and get accurate results while exploiting this vulnerability. We appreciate his great contribution to the open-source community.


### Disclaimer
The tool ⚒️ is for educational 📖 and ethical purposes only, and the developers are not responsible for any illegal exploitation.

File snapshot

```
[4.0K] /data/pocs/e70e0325017cadb4cdf4caefa845d0671e7ecfd7
├── [ 12K] cvehunter.py
└── [3.6K] README.md

0 directories, 2 files
```