Mallory
Critical · CISA KEV · Exploited in the wild · Public exploit

Unauthenticated Command Injection in Cacti remote_agent.php

Identifiers: CVE-2022-46169 · CWE-78 · Improper Neutralization of Special…

CVE-2022-46169 is a critical unauthenticated command injection vulnerability in Cacti, affecting versions up to and including 1.2.22. The issue resides in remote_agent.php, which is reachable without authentication. Its authorization logic relies on get_client_addr() in lib/functions.php to determine the client IP address, then uses gethostbyaddr() to resolve that IP to a hostname and checks whether that hostname exists in the poller table.

Because get_client_addr() trusts attacker-controlled HTTP_-prefixed server variables, an attacker can spoof the apparent client IP address, for example by supplying a forwarded-for style header containing the target server's own IP. Since Cacti commonly has a default poller entry for the local server hostname, this allows the hostname-based authorization check to be bypassed.

After bypassing authorization, the attacker can invoke the polldata action. In the poll_for_data code path, Cacti loads poller_item records based on request parameters. If the selected poller_item has action POLLER_ACTION_SCRIPT_PHP, the application uses proc_open() to execute a PHP script. The attacker-controlled poller_id parameter, obtained via get_nfilter_request_var(), is insufficiently constrained and is concatenated into the command string passed to proc_open(), enabling shell metacharacter injection. As a result, an unauthenticated attacker can execute arbitrary OS commands on the Cacti server.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in unauthenticated remote code execution on the server hosting Cacti. An attacker can run arbitrary commands in the security context of the web server or Cacti process, which can lead to full compromise of the application host, malware deployment, persistence, credential theft, lateral movement, data access, and service disruption. Active in-the-wild exploitation has also been reported, including use to deploy botnet malware such as MooBot and ShellBot.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict or disable external access to remote_agent.php and the Cacti web interface, especially from untrusted networks. Filter or ignore untrusted proxy-related HTTP_ headers so attackers cannot spoof the client IP used by get_client_addr(). Where feasible, place Cacti behind a trusted reverse proxy that rewrites and validates client IP headers, and block direct access. Reduce exposure by limiting internet reachability, monitoring for suspicious requests to remote_agent.php with action=polldata, and reviewing configurations for poller_item entries using POLLER_ACTION_SCRIPT_PHP. These are temporary mitigations and do not replace upgrading.
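
A sketch of the log monitoring suggested above, added here as an example (not code from Cacti or from any repository listed on this page): it scans web access logs for polldata requests whose poller_id is not a plain integer and for clients cycling through many host_id/local_data_ids values. The combined log format, the integer-only poller_id rule, the threshold of 5 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote

# First field of a "combined" access-log line is the TCP peer, which a spoofed
# forwarded-for header does not change (assumes the default log format).
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan(lines, enum_threshold=5):
    """Return (client, reason, detail) tuples for suspicious polldata requests."""
    findings = []
    seen = defaultdict(set)  # client -> distinct (host_id, local_data_ids[]) pairs
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, target = m.groups()
        path, _, query = target.partition("?")
        if not unquote(path).endswith("/remote_agent.php"):
            continue
        q = parse_qs(query, keep_blank_values=True)  # percent-decodes keys and values
        if q.get("action", [""])[-1] != "polldata":
            continue
        # Assumption: a legitimate poller_id is an integer; anything else is alerted.
        poller_id = q.get("poller_id", [""])[-1]
        if poller_id and not re.fullmatch(r"[0-9]+", poller_id):
            findings.append((client, "non-numeric poller_id", poller_id))
        # Many distinct id pairs from one client suggests host_id/local_data_ids guessing.
        seen[client].add((tuple(q.get("host_id", [])), tuple(q.get("local_data_ids[]", []))))
        if len(seen[client]) == enum_threshold:
            findings.append((client, "id enumeration", str(enum_threshold)))
    return findings

def _line(ip, query):  # builds one constructed log line
    return (f'{ip} - - [05/Jan/2023:10:00:00 +0000] '
            f'"GET /cacti/remote_agent.php?{query} HTTP/1.1" 200 54 "-" "-"')

# Constructed sample input (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jan/2023:10:00:00 +0000] "GET /cacti/graph_view.php HTTP/1.1" 200 5120 "-" "-"',
    _line("192.0.2.20", "action=polldata&local_data_ids[]=3&host_id=1&poller_id=1"),
    _line("198.51.100.7", "action=polldata&local_data_ids%5B%5D=6&host_id=1&poller_id=1%3Bconstructed"),
] + [_line("203.0.113.5", f"action=polldata&local_data_ids[]={i}&host_id={i}&poller_id=1")
     for i in range(1, 8)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because poller_id arrives in the query string of a GET request, it is visible in ordinary access logs even when request headers are not recorded.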

Remediation

Patch, then assume compromise.

Upgrade Cacti to a fixed release. The vulnerability was addressed in both supported branches, with Cacti 1.2.23 identified as the first patched 1.2.x release; patched 1.3.x releases are also available. Apply the vendor patch that hardens get_client_addr()/authorization handling and removes the command injection path involving unsanitized poller_id input reaching proc_open(). Verify that all internet-exposed instances are updated beyond affected versions.

PUBLIC EXPLOITS

Exploits

12 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (4 hidden).

VALID 12 / 16 TOTAL

CVE-2022-46169-Cacti-v1.2.22-RCE · Maturity: PoC · Verified exploit

This repository contains a single Python exploit script (CVE-2022-46169.py) targeting Cacti v1.2.22, specifically exploiting CVE-2022-46169. The exploit works by first brute-forcing valid host_id and local_data_id values using multi-threaded HTTP requests to the /remote_agent.php endpoint. Once valid IDs are found, the script crafts a malicious GET request to /remote_agent.php with a specially crafted poller_id parameter that injects an arbitrary command (provided by the user) for execution on the target system. The exploit leverages the 'X-Forwarded-For: 127.0.0.1' header to bypass access controls. The repository also includes a standard .gitignore and a GPLv3 license file. The README is minimal and only states the CVE and Cacti version. The exploit is operational, providing real command execution on vulnerable targets, and is not part of any larger framework.

mind2hex · Disclosed Mar 28, 2024 · python · network

CVE-2022-46169-Cacti-1.2.22 · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (CVE-2022-46169.py) targeting the Cacti network monitoring tool, specifically exploiting CVE-2022-46169. The exploit abuses a command injection vulnerability in the /remote_agent.php endpoint. The script can operate in two modes: direct execution (if host_id and local_data_id are known) or brute-force (testing combinations of host_id and local_data_id). Upon successful exploitation, it delivers a bash reverse shell to the attacker's specified LHOST and LPORT. The repository also includes a README.md with usage instructions and a .gitignore file. The exploit is operational, requiring the attacker to set up a listener and provide the target URL and their own IP/port for the reverse shell. The main fingerprintable endpoint is /remote_agent.php on the target server.

alv-david · Disclosed Jul 2, 2025 · python · network

SHELL-POC-CVE-2022-46169 · Maturity: PoC · Verified exploit

This repository contains a Bash proof-of-concept exploit for CVE-2022-46169, a remote code execution vulnerability in Cacti. The main script, poc.sh, takes as input the attacker's IP, listening port, and the target Cacti URL. It first checks if the target is vulnerable by probing /cacti/remote_agent.php, then enumerates possible host_id and local_data_ids to find a valid endpoint. Once a suitable endpoint is found, it crafts and URL-encodes a Bash reverse shell payload, which is injected via a crafted HTTP request. If successful, the exploit grants the attacker a reverse shell on the target system. The repository is structured with a README providing usage instructions and a single Bash script implementing the exploit logic. No hardcoded endpoints are present; the target URL is supplied by the user. The exploit is operational and delivers a working payload, but is not part of a larger framework.

RdBBB3 · Disclosed May 21, 2025 · bash · network

CVE-2022-46169 · Maturity: PoC · Verified exploit

This repository contains an exploit for CVE-2022-46169, a critical unauthenticated command injection vulnerability in Cacti (versions prior to 1.2.22). The main exploit logic is implemented in 'main.py', which reads a list of target hosts from a file and attempts to exploit each by sending a crafted HTTP GET request to the '/remote_agent.php' endpoint. The exploit injects an arbitrary command (provided by the user) into the 'poller_id' parameter, leveraging the vulnerability to execute system commands on the target server. The script uses threading to attack multiple hosts in parallel and provides console output indicating whether each host appears vulnerable. The exploit is operational, requiring only a list of targets and a command to execute, and demonstrates real-world impact by achieving remote code execution. No hardcoded IPs or domains are present, but the endpoint '/remote_agent.php' is fingerprintable. The repository is structured simply, with a single Python exploit file, a README, and a license.

SystemVll · Disclosed Jan 2, 2023 · python · network

CVE-2022-46169 · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (CVE-2022-46169.py) targeting Cacti v1.2.22, specifically exploiting an unauthenticated command injection vulnerability (CVE-2022-46169) in the /remote_agent.php endpoint. The script first checks if the target is vulnerable, then brute-forces required host and data IDs, and finally delivers a reverse shell payload to the attacker's specified IP and port using a bash command injection. The exploit is operational and provides remote code execution if successful. The repository also includes a brief README referencing the vulnerability and the original PoC author.

lof1sec · Disclosed Jan 4, 2025 · python · network

CVE-2022-46169_unauth_remote_code_execution · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (exploit.py) targeting CVE-2022-46169, an unauthenticated remote code execution vulnerability in Cacti versions prior to 1.2.23 and 1.3.0. The exploit leverages an authentication bypass (using spoofed HTTP headers such as X-Forwarded-For) and a command injection vulnerability in the 'remote_agent.php' endpoint. The script attempts to enumerate valid host_id and data_id values to trigger the vulnerability, and upon success, injects a base64-encoded bash reverse shell payload via the poller_id parameter. The attacker must provide their own IP and port to receive the shell. The script supports both targeted and aggressive exploitation modes. The repository also includes a README.md describing the exploit and a LICENSE file. The main exploit logic is contained in exploit.py, which is the only code file.

JacobEbben · Disclosed Apr 9, 2023 · python · network

CVE-2022-46169 · Maturity: PoC · Verified exploit

This repository contains a single Python script (CVE-2022-46169.py) that serves as a proof-of-concept exploit for CVE-2022-46169, an unauthenticated remote code execution vulnerability in Cacti versions up to 1.2.22. The exploit works by sending crafted HTTP GET requests to the /remote_agent.php endpoint of a vulnerable Cacti installation, injecting arbitrary shell commands via the poller_id parameter. The script allows the attacker to specify the target URL, the command to execute (either directly or from a file), and the range of host_id and local_data_id values to try. The X-Forwarded-For header is set to 127.0.0.1 to bypass authentication. The repository also includes a README with usage instructions and a standard GPLv2 license file. The exploit is a functional PoC and does not include advanced payloads or post-exploitation features.

sAsPeCt488 · Disclosed Jan 5, 2023 · python · network

CVE-2022-46169 · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (cacti.py) targeting CVE-2022-46169 in Cacti version 1.2.22. The exploit works by interacting with the 'remote_agent.php' endpoint of a vulnerable Cacti installation. It first checks if the target is vulnerable, then brute-forces host and local data IDs to find exploitable parameters. If successful, it delivers a bash reverse shell payload to the attacker's specified IP and port, granting remote code execution. The script requires the attacker to provide the target URL, their own IP, and a listening port. The repository is simple, with only a README and the exploit script, and is focused solely on exploiting this specific vulnerability in Cacti.

ruycr4ft · Disclosed May 1, 2023 · python · network

CVE-2022-46169 · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (cve_2022_46169.py) targeting CVE-2022-46169, an unauthenticated remote code execution vulnerability in Cacti version 1.2.19. The exploit works by bypassing authentication using various X-Forwarded headers, brute-forcing valid host_id and local_data_ids[] parameters, and then performing command injection via the remote_agent.php endpoint. The script can operate in two modes: 'check' (to test for vulnerability) and 'exploit' (to attempt exploitation). The payload is a bash reverse shell, which, if successful, grants the attacker remote shell access to the target. The README.md provides usage instructions and references. The main fingerprintable endpoint is /remote_agent.php on the target Cacti instance. The exploit is operational, requiring some manual configuration (such as setting the attacker's IP and port for the reverse shell).

c3rrberu5 · Disclosed Jan 13, 2023 · python · network

cacti-cve-2022-46169-exploit · Maturity: PoC · Verified exploit

This repository provides a Python proof-of-concept exploit for CVE-2022-46169, targeting Cacti version 1.2.22. The exploit leverages an authentication bypass in the /remote_agent.php endpoint, using a spoofed X-Forwarded-For header to match an entry in the poller table. The script first checks if the target is vulnerable, then brute-forces host_id and local_data_id parameters to find valid values. Once found, it delivers a command injection payload via the 'polldata' action, resulting in remote code execution. The default payload opens a reverse shell to the attacker's machine. The repository consists of a single exploit script (cacti.py) and a README.md with usage instructions and background information. The exploit is operational and requires the attacker to supply their own IP and port for the reverse shell connection.

ariyaadinatha · Disclosed Mar 11, 2023 · python · network

CVE-2022-46169-CACTI-1.2.22 · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (CVE-2022-46169.py) and a README for CVE-2022-46169, a remote code execution vulnerability in Cacti 1.2.22. The exploit targets the '/remote_agent.php' endpoint on the victim server, attempting to bypass authorization and brute-force valid 'host_id' and 'local_data_ids' parameters. Upon success, it injects a payload that opens a reverse shell to the attacker's machine using a bash command. The script requires the attacker to specify the target URL, their own IP (LHOST), and a listening port (LPORT). The README provides usage instructions and an example of a successful reverse shell session. The exploit is operational, providing a working reverse shell if the target is vulnerable and properly configured.

FredBrave · Disclosed May 1, 2023 · python · network

CVE-2022-46169 · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (xplt_fixed.py) targeting Cacti versions 1.2.2x up to 1.2.22, exploiting CVE-2022-46169 for unauthenticated remote command execution (RCE). The exploit works by sending crafted HTTP GET requests to the Cacti server's /remote_agent.php endpoint, injecting a base64-encoded bash reverse shell payload via URL parameters. The attacker must specify the target URL, their own IP and port for the reverse shell, and a value for the X-Forwarded-For header (likely to bypass access controls). The script iterates over possible host_id and local_data_ids values to maximize the chance of successful exploitation. If successful, the attacker receives a reverse shell from the Cacti server. The repository structure is simple, containing only a README and the main exploit script.

icebreack · Disclosed Apr 13, 2023 · python · network

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability.

Vendor | Product | Type
Cacti | Cacti | application

Vendor-confirmed product mapping.