Share
## https://sploitus.com/exploit?id=952AC044-CDAF-572F-A787-90C2AF508223
# Cacti | Auth Bypass | RCE | CVE-2022-46169
Cacti: Unauthenticated Remote Code Execution Exploit in Ruby
![Screenshot 2023-01-16 at 10 52 09 AM](https://user-images.githubusercontent.com/24976957/212615643-e0759d3b-0872-4058-adac-fdfb3c9cf90a.png)
# Cacti Docker
This is a dockerized application that is vulnerable to the Cacti RCE vulnerability (CVE-2022-46169).
Follow the link to get Cacti running
```
https://github.com/vulhub/vulhub/tree/master/cacti/CVE-2022-46169
```
# Usage
```
_____ _ _ __ ___ __ ______ ___ ___ _____ _____ ______
/ ____| | | (_) /_ | |__ \ /_ |____ | |__ \|__ \ | __ \ / ____| ____|
| | __ _ ___| |_ _ | | ) | | | / /_____ ) | ) | | |__) | | | |__
| | / _` |/ __| __| | | | / / | | / /______/ / / / | _ /| | | __|
| |____ (_| | (__| |_| | | |_ / /_ _| | / / / /_ / /_ | | \ \| |____| |____
\_____\__,_|\___|\__|_| |_(_)____(_)_|/_/ |____|____| |_| \_\\_____|______|
By @Habib0x
Usage: CVE-2022-46169.rb [options]
-u, --url URL Victim URL
-f, --forwarded FORWARDED X-Forwarded value to bypass the auth
-i, --ip IP IP for reverse shell
-p, --port PORT Port for reverse shell
```
https://user-images.githubusercontent.com/24976957/212615669-0dd754de-a57e-4a0d-b37e-dac49a4439b3.mp4