CVE-2024-46987
HIGH
Camaleon CMS 2.8.0-2.8.1 - Authenticated Path Traversal via MediaController Download
Title source: llm
Exploitation Summary
EIP tracks 13 public exploits for CVE-2024-46987.
PoCs published by velampudisakshi, Goultarde, SuriyaBoon, including Metasploit module auxiliary/gather/camaleon_download_private_file.
AI-analyzed exploit summary: This Python script exploits a path traversal vulnerability in Camaleon CMS v2.9.0 by sending a crafted HTTP GET request to the vulnerable endpoint `/admin/media/download_private_file` with a manipulated `file` parameter. It requires a valid `auth_token` cookie for authentication and checks for invalid authentication via redirect responses.
Description
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Exploits (13)
This Python script exploits a path traversal vulnerability in Camaleon CMS v2.9.0 by sending a crafted HTTP GET request to the vulnerable endpoint `/admin/media/download_private_file` with a manipulated `file` parameter. It requires a valid `auth_token` cookie for authentication and checks for invalid authentication via redirect responses.
This is a functional PoC for CVE-2024-46987, an authenticated path traversal vulnerability in Camaleon CMS. It allows reading arbitrary files by manipulating the `file` parameter in the `download_private_file` endpoint.
This is a detailed technical writeup for the HackTheBox 'Facts' machine, covering multiple vulnerabilities including CVE-2024-46987 (authenticated path traversal in Camaleon CMS), privilege escalation via mass assignment, and root access via sudo misconfiguration with facter. It includes step-by-step exploitation and technical analysis.
This repository contains a Metasploit module for exploiting CVE-2024-46987, an authenticated directory traversal vulnerability in Camaleon CMS versions <= 2.8.0 and 2.9.0. The exploit allows reading arbitrary files from the server.
The repository contains a functional Python exploit for CVE-2024-46987, a path traversal vulnerability in Camaleon CMS. The exploit demonstrates arbitrary file read capabilities by leveraging unsanitized user input in the MediaController#download_private_file endpoint.
This Rust-based PoC exploits a directory traversal vulnerability (CVE-2024-46987) in an admin panel's file download endpoint. It authenticates via CSRF token, then crafts a request to leak arbitrary files using ../../../ path traversal.
This PoC exploits a directory traversal vulnerability (CVE-2024-46987) in an unspecified web application, allowing authenticated users to download arbitrary files from the server. The exploit logs in using provided credentials and then crafts a malicious request to access files outside the intended directory.
This is a functional Python-based exploit for CVE-2024-46987, an authenticated path traversal vulnerability in Camaleon CMS. It allows arbitrary file reads via a crafted request to the MediaController endpoint after authenticating with valid credentials.
This exploit leverages a path traversal vulnerability in Camaleon CMS's MediaController to allow authenticated users to download arbitrary files from the server. The PoC automates login and file retrieval via crafted requests.
This is a functional Python exploit for CVE-2024-46987, an authenticated Local File Inclusion (LFI) vulnerability in Camaleon CMS. It leverages path traversal via the `/admin/media/download_private_file` endpoint to read arbitrary files from the server.
This repository contains a functional exploit for CVE-2024-46987, a path traversal vulnerability in Camaleon CMS. The exploit allows arbitrary file download and includes automated SSH key extraction from discovered users.
This is a functional Python-based PoC for CVE-2024-46987, a path traversal vulnerability in Camaleon CMS Version 2.9.0. The exploit bypasses path normalization to retrieve sensitive files like /etc/passwd by leveraging a post-authentication flaw in the file download module.
This Metasploit module exploits CVE-2024-46987, an authenticated directory traversal vulnerability in Camaleon CMS versions <= 2.8.0 and 2.9.0. It authenticates with provided credentials, retrieves a CSRF token, and then reads arbitrary files by manipulating the 'file' parameter in the 'download_private_file' endpoint.
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N