watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699

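A lightweight detection tool for CVE-2026-2699, the Progress ShareFile authentication bypass. It uses an HTTP request to check whether a target is vulnerable, without carrying out an actual attack.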

# CVE-2026-2699 Progress ShareFile Authentication Bypass

Progress ShareFile Authentication Bypass Detection Artifact Generator Tool

# Description

This Detection Artifact Generator verifies whether a Progress ShareFile instance is vulnerable to the CVE-2026-2699 authentication bypass.

The Detection Artifact Generator sends a GET request to the `/ConfigService/Admin.aspx` endpoint and verifies the response.

**Note** - This tool does not perform the full exploitation (zone takeover), and it does not chain this vulnerability with the RCE (CVE-2026-2701).

# Detection in Action

Test against a vulnerable instance:

```
$ python3 watchTowr-vs-Progress-ShareFile-CVE-2026-2699.py -H http://sharefile.lab.local
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                      \/          \/     \/

        watchTowr-vs-Progress-ShareFile-CVE-2026-2699.py

        (*) CVE-2026-2699 Progress ShareFile Authentication Bypass - Detection Artifact Generator

          - Sonny and Piotr of watchTowr

        CVEs: CVE-2026-2699

[+] Detection Artifact Generator Started
[+] Sending GET to /ConfigService/Admin.aspx
[+] PROBABLY VULNERABLE
```

Test against a non-vulnerable instance:

```
$ python3 watchTowr-vs-Progress-ShareFile-CVE-2026-2699.py -H http://sharefile.lab.local
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                      \/          \/     \/

        watchTowr-vs-Progress-ShareFile-CVE-2026-2699.py

        (*) CVE-2026-2699 Progress ShareFile Authentication Bypass - Detection Artifact Generator

          - Sonny and Piotr of watchTowr

        CVEs: CVE-2026-2699

[+] Detection Artifact Generator Started
[+] Sending GET to /ConfigService/Admin.aspx
[-] PROBABLY NOT VULNERABLE: 403 status code
```

# Affected Versions

`< ShareFile Storage Zones Controller 5.12.4`

Reference:

# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research, follow the [watchTowr](https://watchTowr.com) Labs team:

- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber
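
For defenders reviewing a Storage Zones Controller's web logs, the following added example (not part of the watchTowr tool) parses IIS W3C logs and lists requests to `/ConfigService/Admin.aspx`, separating the 403 responses that match the non-vulnerable output shown in the README from anonymous requests that were not refused. The log field layout, the sample lines and the use of `cs-username` to tell anonymous requests apart are assumptions.

```python
# Added example: triage IIS W3C logs for requests to the endpoint the README names.
from collections import defaultdict

ENDPOINT = "/configservice/admin.aspx"  # path from the README, lower-cased for matching

# Constructed sample log (not real traffic); field layout assumes IIS W3C logging.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2026-01-10 09:00:01 10.0.0.5 GET /ConfigService/Admin.aspx - 443 - 198.51.100.7 python-requests/2.31 403
2026-01-10 09:00:09 10.0.0.5 GET /configservice/admin.aspx - 443 - 203.0.113.9 python-requests/2.31 200
2026-01-10 09:01:30 10.0.0.5 GET /default.aspx - 443 - 198.51.100.7 Mozilla/5.0 200
2026-01-10 09:02:00 10.0.0.5 GET /ConfigService/Admin.aspx - 443 LAB\\admin 10.0.0.20 Mozilla/5.0 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def triage(text):
    """Group hits on ENDPOINT by client IP and classify each by status code."""
    findings = defaultdict(list)
    for row in parse_w3c(text):
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        # Assumption: "-" in cs-username means the request carried no identity.
        anonymous = row.get("cs-username", "-") == "-"
        status = row.get("sc-status", "")
        if status == "403":
            verdict = "denied"         # same status as the README's non-vulnerable run
        elif anonymous:
            verdict = "review"         # anonymous request that was not refused
        else:
            verdict = "authenticated"
        findings[row.get("c-ip", "?")].append((row["date"], row["time"], status, verdict))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG).items():
        for hit in hits:
            print(ip, *hit)
```

A `review` verdict only marks a request for follow-up; the controller's version against the affected range above remains the deciding check.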