Skip to content

This script exploits the CVE-2024-0204 vulnerability in Fortra GoAnywhere MFT, allowing the creation of unauthorized administrative users, for educational and authorized testing purposes.

Notifications You must be signed in to change notification settings

m-cetin/CVE-2024-0204

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive

This repository contains a proof-of-concept exploit for the authentication bypass vulnerability (CVE-2024-0204) discovered in Fortra's GoAnywhere MFT product. The vulnerability allows an unauthenticated attacker to create an administrative user for the application.

Description

On December 4, 2023, an internal security advisory was posted by Fortra, highlighting an authentication bypass vulnerability (CVE-2024-0204) in GoAnywhere MFT. The vulnerability enables an unauthenticated attacker to create an administrative user for the application. The discovery was credited to researchers malcolm0x and Islam Elrfai.

Exploit Overview

The exploit involves manipulating the /..; path traversal technique to bypass the SecurityFilter class and gain unauthorized access to the /wizard/InitialAccountSetup.xhtml endpoint.

Usage

python CVE-2024-0204.py --ip <TARGET_IP>

or

python CVE-2024-0204.py --targets <TARGETS_FILE_PATH>
  • Replace <TARGET_IP> with the specific target IP or URL you want to test.
  • Replace <TARGETS_FILE_PATH> with the path to a file containing a list of target IPs or URLs (one per line).

This will run the script to check if the specified targets are vulnerable to the CVE-2024-0204 GoAnywhere MFT authentication bypass. The script will attempt to create an administrative user and print the result for each target. If successful, it will provide the created admin user's details (username and password).

Disclaimer

This script is provided for educational and research purposes only. Unauthorized use of this script on systems or networks without explicit permission is strictly prohibited. The author and the organization (if any) associated with this script are not responsible for any misuse or damage caused by its usage. Users are advised to obtain proper authorization before testing or using this script on any system, network, or application.

By using this script, you agree that you are solely responsible for ensuring compliance with applicable laws and regulations. Any unauthorized access, testing, or exploitation may result in legal consequences.

Use at your own risk and only on systems where you have explicit authorization.

Indicators of Compromise

Admin Users Group: Check for new additions in the GoAnywhere administrator portal under Users -> Admin Users. Database Logs: Examine transactional history logs at \GoAnywhere\userdata\database\goanywhere\log*.log.

Mitigation

The advisory suggests deleting the /InitialAccountSetup.xhtml endpoint and restarting the service. This mitigates the vulnerability.

About

This script exploits the CVE-2024-0204 vulnerability in Fortra GoAnywhere MFT, allowing the creation of unauthorized administrative users, for educational and authorized testing purposes.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages