module
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
| Disclosed |
|---|
| Aug 15, 2024 |
Disclosed
Aug 15, 2024
Description
This module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI:
1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user.
2. CVE-2024-45257: Authenticated command injection in the payload generation page.
These vulnerabilities remain unpatched.
1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user.
2. CVE-2024-45257: Authenticated command injection in the payload generation page.
These vulnerabilities remain unpatched.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.