CVE-2024-45256
published 2024-08-26

CVE-2024-45256: An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass…

Priority: P2 · 70
CVSS 3.1: 9.8 (critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 5.63% (92.0th percentile)

An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.

Detection & IOCs (extracted from sources)

path: api/files/routes.py
  • Monitor for unauthenticated HTTP requests to the BYOB exfiltration endpoint (file_add handler) that include crafted parameters targeting SQLite database file paths — this is the trigger for the arbitrary file write.
  • Alert on unexpected modifications to BYOB SQLite database files, particularly the addition of new admin users, which indicates successful exploitation of CVE-2024-45256 as a precursor to authenticated RCE (CVE-2024-45257).
  • Detect chained exploitation: unauthenticated file write to the SQLite DB (CVE-2024-45256) followed by authenticated login and command injection on the payload generation page (CVE-2024-45257) — look for this two-stage pattern in web logs.
  • These vulnerabilities remain unpatched in BYOB 2.0; no vendor fix is available, so detection and network-level controls are the primary mitigation.
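
The two-stage web-log pattern described in the detection notes above can be checked with a small log correlator. This is an added example, not code from BYOB or from the sources quoted here; the three route paths are placeholders (the page names only the file_add handler, not its URL), and the log format, the 30-minute window, the login success codes and the per-client-IP correlation are assumptions.

```python
from datetime import datetime, timedelta

# Placeholder routes: the page names only the file_add handler in
# api/files/routes.py, not URLs. Replace with your deployment's paths.
FILE_ADD_PATH = "/PLACEHOLDER/file-add"
LOGIN_PATH = "/PLACEHOLDER/login"
PAYLOAD_PATH = "/PLACEHOLDER/payload-generate"
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample log; assumed format: time ip method path status auth=yes|no
SAMPLE_LOG = """\
2024-08-26T10:00:00 198.51.100.7 POST /PLACEHOLDER/file-add 200 auth=no
2024-08-26T10:00:05 203.0.113.9 POST /PLACEHOLDER/file-add 200 auth=yes
2024-08-26T10:01:10 198.51.100.7 POST /PLACEHOLDER/login 302 auth=no
2024-08-26T10:02:30 198.51.100.7 POST /PLACEHOLDER/payload-generate 200 auth=yes
2024-08-26T10:03:00 203.0.113.9 POST /PLACEHOLDER/payload-generate 200 auth=yes
2024-08-26T12:00:00 192.0.2.44 POST /PLACEHOLDER/file-add 200 auth=no
"""

def parse(line):
    ts, ip, method, path, status, auth = line.split()
    return (datetime.fromisoformat(ts), ip, method,
            path.split("?")[0], int(status), auth == "auth=yes")

def detect_chain(log_text):
    """Return (severity, ip, timestamp) alerts for the two-stage pattern."""
    alerts, write_seen, login_seen = [], {}, {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, ip, method, path, status, authed = parse(line)
        if method != "POST":
            continue
        if path == FILE_ADD_PATH and not authed:
            # Stage 1: unauthenticated write to the exfiltration endpoint.
            write_seen[ip] = ts
            alerts.append(("medium", ip, ts))
        elif path == LOGIN_PATH and status in (200, 302):  # assumed success codes
            # Login shortly after an unauthenticated write from the same client.
            if ip in write_seen and ts - write_seen[ip] <= WINDOW:
                login_seen[ip] = ts
        elif path == PAYLOAD_PATH and authed:
            # Stage 2: authenticated use of the payload generation page.
            if ip in login_seen and ts - login_seen[ip] <= WINDOW:
                alerts.append(("high", ip, ts))
    return alerts

if __name__ == "__main__":
    for severity, ip, ts in detect_chain(SAMPLE_LOG):
        print(severity, ip, ts.isoformat())
```

Correlating by client IP misses a chain split across addresses, so the medium alert on any unauthenticated write should be triaged on its own.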