CVE-2023-24055 PoC — KeePass 安全漏洞

Source

https://github.com/julesbozouklian/PoC_CVE-2023-24055

Associated Vulnerability

Title:KeePass 安全漏洞 (CVE-2023-24055)
Description:KeePass是一款开源的密码管理器。 KeePass 2.53版本及之前版本存在安全漏洞。攻击者利用该漏洞通过添加导出触发器获取明文密码。

Readme

# PoC_CVE-2023-24055

### How to run ?

Edit the $User var in the script and replace value with your Username.

Open a PowerShell as administrator and run the script :
```
./PoC_CVE-2023-24055.ps1
```

After the script execution open KeePass.

Result is stored under "C:\Users\your_username\AppData\Local\Temp\output.xml"

Password stored in cleartext under :
```
<String>
  <Key>Password</Key>
  <Value ProtectInMemory="True">ExempePassword</Value>
</String>
```

### Sources
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24055
- https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
- https://keepass.info/help/kb/trigger_examples.html

File Snapshot


 [4.0K]  /data/pocs/162a4c2aaff60aac24e05f02d94e7d0091c4fac2
├── [1.6K]  PoC_CVE-2023-24055.ps1
└── [ 667]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!