CVE-2024-40318 PoC — Webkul QloApps Security Vulnerability

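Source
Related vulnerability
Title: Webkul QloApps security vulnerability (CVE-2024-40318)
Description: Webkul QloApps is hotel booking management software from Webkul. Webkul QloApps version 1.6.0.0 contains a security vulnerability caused by an arbitrary file upload flaw. An attacker can exploit it to execute arbitrary code by uploading a specially crafted file.
Description
Remote code execution vulnerability in QloApps (version 1.6.0.0)
Introduction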
# RCE-QloApps-CVE-2024-40318
A remote code execution (RCE) attack allows an attacker to run code on a computer. The ability to execute code could lead to deploying additional malware, stealing sensitive data, or even harming the server.

The remote code execution was discovered in QloApps version 1.6.0.0 while the application was being checked in the administrator panel, in the section “Modules and services”, where it is possible to upload a modified module like “mailchimp-for-prestashop” (https://addons.prestashop.com/en/newsletter-sms/26957-mailchimp-for-prestashop.html). This made it possible to evade the PHP file upload restriction and get remote code execution by modifying the file “cronjob.php” and accessing it through the web browser.
File snapshot

[4.0K] /data/pocs/07206532c8c51c9f69b188a2a062a3839bd5f6be
├── [736K] qloapps--RCE.pdf
└── [ 752] README.md

0 directories, 2 files