module
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
| Disclosed |
|---|
| Aug 15, 2024 |
Disclosed
Aug 15, 2024
Description
This module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI:
1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user.
2. CVE-2024-45257: Authenticated command injection in the payload generation page.
These vulnerabilities remain unpatched.
1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user.
2. CVE-2024-45257: Authenticated command injection in the payload generation page.
These vulnerabilities remain unpatched.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.