This repository contains a PoC for the CVE-2022-46169 vulnerability, which allows an attacker to bypass authentication and execute arbitrary code remotely on the affected system. This vulnerability affects Cacti, version 1.2.22, released on August 18, 2022.
The vulnerability occurs due to remote_agent.php
has a function to retrieves IP address and verify an entry within the poller
table. If an entry was found, the function will return true
and the client is authorized. One of the actions is called polldata
which retrive few request parameter, if the action
of a poller_item
equals to POLLER_ACTION_SCRIPT_PHP
can lead the attacker to execute command injection vulnerability through proc_open
The PoC demonstrates how an attacker can exploit this vulnerability to bypass authentication and execute arbitrary code remotely on the affected system.
- Python3
- Requests
Make sure X-Forwarded-For
value is within the poller
table
You may change the payload
python3 cacti.py
This PoC is intended for educational and testing purposes only. Use of this PoC on any system or network without explicit permission from the system owner is illegal and may result in prosecution. The author assumes no liability for any damage caused by the use or misuse of this PoC. Use at your own risk.