API Security Blog

Exploit for CVE-2024-47533

# CVE-2024-47533 – Cobbler XMLRPC Remote Code Execution (Unauthenticated)

## 📌 Summary

This repository contains a proof-of-concept (PoC) exploit for CVE-2024-47533, a critical vulnerability in Cobbler's XMLRPC API that allows unauthenticated remote code execution (RCE). An attacker can execute arbitrary system commands without authentication by abusing the XMLRPC endpoint.

## ⚠️ Disclaimer

This project is intended for educational and authorized security testing purposes only. Any misuse of this code against systems without permission is illegal. The author is not responsible for any misuse or damages.

## 🛠️ Technical Details

- Vulnerability Type: Unauthenticated RCE
- Affected Component: XMLRPC API
- Attack Vector: Network
- Privileges Required: None
- User Interaction: None

The vulnerability occurs because the login() method allows authentication with empty credentials, and user-controlled input can be injected into Cobbler template rendering, leading to arbitrary code execution.

## 🚀 Usage

### 1️⃣ Clone this repository

```bash
git clone https://github.com//CVE-2024-47533-POC.git
cd CVE-2024-47533-POC
```

### 2️⃣ Install dependencies

This script requires Python 3.x. No external dependencies are needed, but ensure the xmlrpc.client library is available (default in Python).

### 3️⃣ Run the exploit

```bash
python3 CVE-2024-47533.py --url https://:/RPC2 --cmd ""
```

Example:

```bash
python3 CVE-2024-47533.py --url https://127.0.0.1:25151/RPC2 --cmd "id"
```

## 📂 File Structure

```
.
├── CVE-2024-47533.py   # Exploit script
└──…
```
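A defender-side check for the condition described under Technical Details (a login() call with empty credentials), as an added example that is not part of the original repository: it parses captured XML-RPC request bodies, for instance from a reverse proxy in front of /RPC2, and flags sources that call login with an empty user name. The function names, the size cap and the sample traffic are assumptions constructed for illustration.

```python
import xmlrpc.client
from xml.parsers.expat import ExpatError

MAX_BODY = 64 * 1024  # assumed cap: a genuine login call is a few hundred bytes


def classify_request(body: bytes) -> str:
    """Classify one XML-RPC request body.

    Returns 'empty-user-login', 'login', 'other' or 'unparsable'.
    """
    # Refuse oversized bodies and DTD/entity declarations before parsing,
    # because this code handles untrusted XML.
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return "unparsable"
    try:
        params, method = xmlrpc.client.loads(body)
    except (ExpatError, xmlrpc.client.Error, ValueError, TypeError):
        return "unparsable"
    if method != "login":
        return "other"
    # Assumption: legitimate clients always send a non-empty user name.
    user = params[0] if params else ""
    if isinstance(user, str) and user.strip() == "":
        return "empty-user-login"
    return "login"


def flag_sources(records):
    """Return the sorted source addresses that sent an empty-user login."""
    return sorted({src for src, body in records
                   if classify_request(body) == "empty-user-login"})


def make_call(method, *params):
    # Builds a constructed request body for the samples below.
    return xmlrpc.client.dumps(params, methodname=method).encode()


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLES = [
    ("192.0.2.10", make_call("login", "cobbler", "s3cret")),
    ("198.51.100.7", make_call("login", "", "")),
    ("198.51.100.7", make_call("get_distros")),
    ("203.0.113.5", b"<methodCall><methodName>login"),  # truncated body
]

if __name__ == "__main__":
    print(flag_sources(SAMPLES))
```

A hit is a reason to review what the same source did next on the API and to confirm the Cobbler instance is patched and its XMLRPC port is not reachable from untrusted networks.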
