Add PoC exploit for CVE-2024-1709 - Githubissues

ronin-rb / community-pocs

A repository of PoCs for ronin-exploits

https://ronin-rb.dev

GNU General Public License v3.0

0 stars 2 forks source link

Add PoC exploit for CVE-2024-1709 #32

Open postmodern opened 3 months ago

postmodern commented 3 months ago

Add a PoC exploit for CVE-2024-1709, authentication bypass in ConnectWise ScreenConnect <= 23.9.7.

Reference PoCs

https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708/blob/main/CVE-2024-1709.py (appears to also inject a C# payload which executes a command)
https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass/blob/main/exploit.py
https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE/blob/main/ScreenConnect-AuthBypass-RCE.py
https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE/blob/main/batchAdduser.py (adds a new user)

Vuln App

N/A

How to Submit a PoC

See the CONTRIBUTING file for instructions on how to submit a PoC exploit.