Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SimpleHelp unauth RCE chain [CVE-2024-57727, CVE-2024-57728] #19827

Open
jheysel-r7 opened this issue Jan 23, 2025 · 0 comments
Open

SimpleHelp unauth RCE chain [CVE-2024-57727, CVE-2024-57728] #19827

jheysel-r7 opened this issue Jan 23, 2025 · 0 comments
Assignees
@jheysel-r7
Labels
suggestion-module New module suggestions

Comments

@jheysel-r7
Copy link
Contributor

Summary

The blog post outlines two vulnerabilities that would chain nicely into a Metasploit module.

CVE-2024-57727 an unauthenticated path traversal which allows an attacker to download arbitrary files in including config files containing passwords encrypted with a hardcoded key.

CVE-2024-57728 an authenticated file upload (zip slip) which results in code execution.

Basic example

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
@jheysel-r7 jheysel-r7 added the suggestion-module New module suggestions label Jan 23, 2025
@jheysel-r7 jheysel-r7 self-assigned this Jan 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jheysel-r7 jheysel-r7

Labels
suggestion-module New module suggestions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jheysel-r7