Exploit for Incorrect Authorization in Cacti CVE-2022-46169

Name: Exploit for Incorrect Authorization in Cacti CVE-2022-46169
Rating: 5 (136 reviews)
2023-01-15 | CVSS 7.5
## https://sploitus.com/exploit?id=952AC044-CDAF-572F-A787-90C2AF508223
# Cacti | Auth Bypass | RCE | CVE-2022-46169
Cacti: Unauthenticated Remote Code Execution Exploit in Ruby 

![Screenshot 2023-01-16 at 10 52 09 AM](https://user-images.githubusercontent.com/24976957/212615643-e0759d3b-0872-4058-adac-fdfb3c9cf90a.png)


# Cacti Docker 
This is a dockerized application that is vulnerable to the Cacti RCE vulnerability (CVE-2022-46169).
Follow the link to get Cacti running 
```
https://github.com/vulhub/vulhub/tree/master/cacti/CVE-2022-46169
```

# Usage

```
   _____           _   _   __   ___   __ ______    ___  ___    _____   _____ ______ 
  / ____|         | | (_) /_ | |__ \ /_ |____  |  |__ \|__ \  |  __ \ / ____|  ____|
 | |     __ _  ___| |_ _   | |    ) | | |   / /_____ ) |  ) | | |__) | |    | |__   
 | |    / _` |/ __| __| |  | |   / /  | |  / /______/ /  / /  |  _  /| |    |  __|  
 | |____ (_| | (__| |_| |  | |_ / /_ _| | / /      / /_ / /_  | | \ \| |____| |____ 
  \_____\__,_|\___|\__|_|  |_(_)____(_)_|/_/      |____|____| |_|  \_\\_____|______|
                                                                                    
                                                                                    
 By @Habib0x

Usage: CVE-2022-46169.rb [options]
    -u, --url URL                    Victim URL
    -f, --forwarded FORWARDED        X-Forwarded value to bypass the auth
    -i, --ip IP                      IP for reverse shell
    -p, --port PORT                  Port for reverse shell

```



https://user-images.githubusercontent.com/24976957/212615669-0dd754de-a57e-4a0d-b37e-dac49a4439b3.mp4