关联漏洞
描述
This Python exploit script targets a vulnerable Laravel Filemanager created by UniSharp, which allows authenticated users to bypass file restrictions and upload malicious files. This can lead to Remote Code Execution (RCE) when the uploaded payload is triggered.
介绍
# CVE-2024-21546 Python Exploit
## 🔥 Description
This Python exploit script targets a vulnerable Laravel Filemanager created by **UniSharp**, which allows authenticated users to bypass file restrictions and upload malicious files. This can lead to **Remote Code Execution (RCE)** when the uploaded payload is triggered.
The exploit performs the following:
- Validates the user-provided `laravel_session`
- Extracts CSRF `_token` via regex
- Uploads a fake PNG file containing a PHP reverse shell payload
- Triggers the uploaded file
## ⚠️ Affected Versions
Version 2.9.1 and prior version
## ⚙️ Usage
```shell
python3 CVE-2024-21546.py <target_url> <listener_ip> <listener_port> <laravel_session>
```
Important: Start your listener before running the script:
```shell
nc -lvnp <listener_port>
```
## 💻 Sample Run
## ℹ️ Reference
- [CVE-2024-21546](https://www.cvedetails.com/cve/CVE-2024-21546/)
- [RCE through Upload Shell on Unisharp Laravel Filemanager](https://gist.github.com/ImHades101/338a06816ef97262ba632af9c78b78ca)
- [Commit 8170760](https://github.com/UniSharp/laravel-filemanager/commit/8170760c0ae316d77b9363cd4c76ab68d3f63f0b)
文件快照
[4.0K] /data/pocs/02d627acac05b3984d43ff7b8ae66a8f898d3245
├── [3.4K] CVE-2024-21546.py
└── [1.2K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。