CVE-2024-50623

The repository contains functional exploit code for CVE-2024-50623, demonstrating command execution via a session-based shell endpoint. The script includes multi-threaded scanning capabilities and validates vulnerability by checking for 'uid=' and 'gid=' in the response.

This PoC exploits an unrestricted file upload and download vulnerability in Cleo software (CVE-2024-50623). It allows arbitrary file read and write operations via crafted HTTP headers to the Synchronization endpoint.

This repository contains a functional proof-of-concept exploit for CVE-2024-50623, targeting Cleo's file transfer software. The exploit leverages unrestricted file upload and download capabilities to achieve remote code execution by manipulating the Synchronization endpoint.

This PoC checks for CVE-2024-50623 in Cleo LexiCom by exploiting a path traversal vulnerability to read arbitrary files and upload files. It verifies the version and attempts to read system.ini and upload a test file.

This PoC exploits a path traversal vulnerability in the target software by manipulating the 'path' parameter in the 'Retrieve' header to read arbitrary files (e.g., '/etc/passwd'). The script sends a crafted GET request to the '/Synchronization' endpoint with malicious headers.