CVE-2024-12641 PoC — Chunghwa Telecom TenderDocTransfer Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
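Title: Chunghwa Telecom TenderDocTransfer Cross-Site Scripting Vulnerability (CVE-2024-12641)
Description: Chunghwa Telecom TenderDocTransfer is an application from China's Chunghwa Telecom. Versions 0.41.151 through 0.41.156 of Chunghwa Telecom TenderDocTransfer contain a cross-site scripting vulnerability. The vulnerability stems from susceptibility to reflected cross-site scripting attacks and a lack of CSRF protection, which may allow an unauthenticated remote attacker to execute arbitrary JavaScript code via phishing and to run OS commands by leveraging Node.js features.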
File Snapshot

[4.0K] /data/pocs/1061f0084a60f1df2cb9c2c2c6b4d102990dd740
├── [ 194] docker-compose.yml
├── [4.0K] poc
│   ├── [ 19M] RCE1.mkv
│   └── [8.7M] RCE2.mp4
├── [ 569] server.conf
└── [4.0K] tdt
    ├── [2.1K] file.html
    ├── [ 11K] rce1.html
    ├── [2.1K] rce2.html
    ├── [8.7M] rickroll.mp4
    ├── [ 5] run.bat
    └── [ 5] test.txt

2 directories, 10 files