CVE-2024-32369 PoC — HSC Cybersecurity HC Mailinspector Security Vulnerability

Source
Associated Vulnerability
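Title: HSC Cybersecurity HC Mailinspector Security Vulnerability (CVE-2024-32369)
Description: HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18 contain a security vulnerability. A remote attacker can exploit it to obtain sensitive information via a crafted payload to the start and limit parameters in the mliWhiteList.php component.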
Readme
# CVE-2024-32369

**Description:** SQL injection vulnerability in HSC Cybersecurity HSC Mailinspector v.5.2.17-3 allows a remote attacker to obtain sensitive information via a crafted payload to the `start` and `limit` parameters in the `mliWhiteList.php` component.

**Versions:** Discovered in HSC Mailinspector 5.2.17-3 but applicable to all versions up to 5.2.18.

## Proof of Concept

The SQL injection vulnerability occurs in the `limit` parameter of the application's request payload. Specifically, the payload `exec=fetch&start=0&limit=30'` is susceptible to SQL injection.

> Payload: `exec=fetch&start=0&limit=30'`

## Vulnerable Parameter:

- Parameter: `limit`
- Payload: `exec=fetch&start=0&limit=30'`

![alt text](image.png)
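
For defenders, a check for requests to `mliWhiteList.php` whose `start` or `limit` value is not a plain non-negative integer, which is the shape of the payload above. This is an added example, not code from the README or from the product; the record format `(url_path, body)` and the sample paths are assumptions, and the sample records are constructed.

```python
from urllib.parse import parse_qsl, urlsplit

TARGET = "mliWhiteList.php"          # component named in the advisory
NUMERIC_PARAMS = ("start", "limit")  # pagination parameters named in the advisory


def check_params(encoded):
    """Return findings for one form-encoded string (query string or POST body)."""
    findings = []
    for key, value in parse_qsl(encoded, keep_blank_values=True):
        if key not in NUMERIC_PARAMS:
            continue
        # parse_qsl has already percent-decoded the value, so encoded digits pass
        # and an encoded quote does not. Only ASCII digits are legitimate here.
        if not (value.isascii() and value.isdigit()):
            findings.append(f"{key}: non-integer value {value!r}")
    return findings


def scan(records):
    """records: (url_path, body) pairs. Returns [(index, findings)] for flagged requests to TARGET."""
    hits = []
    for index, (url_path, body) in enumerate(records):
        parts = urlsplit(url_path)
        if parts.path.rsplit("/", 1)[-1] != TARGET:
            continue  # other components are out of scope for this check
        findings = check_params(parts.query) + check_params(body)
        if findings:
            hits.append((index, findings))
    return hits


# Constructed sample records; the payload string is the one quoted in the README.
SAMPLE = [
    ("/mliWhiteList.php", "exec=fetch&start=0&limit=30"),      # normal paging request
    ("/mliWhiteList.php", "exec=fetch&start=0&limit=30'"),     # README payload in the body
    ("/mliWhiteList.php", "exec=fetch&start=0&limit=%33%30"),  # percent-encoded "30", benign
    ("/other.php", "limit=30'"),                               # different component, ignored
    ("/mliWhiteList.php?exec=fetch&start=0&limit=30'", ""),    # same payload in the query string
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE):
        print(index, SAMPLE[index], findings)
```

The same integer-only rule, applied server-side before the values reach the query, is the input-validation half of the fix; parameterized queries are the other half.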
File Snapshot

[4.0K] /data/pocs/0d3262befcc72740ec999ae17202c99fdb6c0682
├── [107K] image.png
└── [ 727] README.md

0 directories, 2 files