CVE-2022-24716

This exploit leverages a path traversal vulnerability in Icinga Web 2 to disclose arbitrary files. It constructs a malicious URL to access files outside the intended directory, bypassing access controls.

This exploit leverages a path traversal vulnerability in Icinga Web 2 to disclose arbitrary files. It constructs a malicious URL to access files outside the intended directory, confirming the vulnerability by fetching the file content.

The repository contains a functional Python script that exploits CVE-2022-24716, an arbitrary file disclosure vulnerability in Icinga Web 2. The script sends a crafted HTTP request to read sensitive files (e.g., /etc/passwd) by appending the file path to a vulnerable endpoint.

This PoC exploits an arbitrary file disclosure vulnerability in Icinga Web 2 by crafting a URL to access sensitive files (e.g., /etc/passwd) without authentication. It checks for the presence of 'root:x:' in the response to confirm vulnerability.

This Go-based exploit demonstrates arbitrary file disclosure in Icinga Web 2 versions <2.8.6, <2.9.6, and <2.10 by leveraging a path traversal vulnerability in the `/icingaweb2/lib/icinga/icinga-php-thirdparty` endpoint.

This PoC exploits an arbitrary file disclosure vulnerability in Icinga Web 2 by crafting a URL to access files accessible to the web server user. It sends a GET request to the target URL and retrieves the content of the specified file.

This exploit leverages a path traversal vulnerability in Icinga Web 2 to disclose arbitrary files. The script sends a crafted HTTP request to read files from the server without authentication.

This repository contains a functional Python exploit for CVE-2022-24716, an arbitrary file disclosure vulnerability in Icinga Web 2 versions <2.8.6, <2.9.6, and <2.10. The exploit constructs a path traversal URL to retrieve sensitive files from the target system.

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Icingaweb versions 2.9.0-2.9.5 and 2.8.0-2.8.5. It allows arbitrary file retrieval via a crafted GET request to the icinga-php-thirdparty library endpoint.