CVE-2024-6738 PoC — WisdomGarden Tronclass ilearn 访问控制错误漏洞

Source

https://github.com/XD3an/CVE-2024-6738

Associated Vulnerability

Title:WisdomGarden Tronclass ilearn 访问控制错误漏洞 (CVE-2024-6738)
Description:WisdomGarden Tronclass ilearn是中国智园（WisdomGarden）公司的一个教学平台。 WisdomGarden Tronclass ilearn 1.69.61976之前版本存在访问控制错误漏洞，该漏洞源于缩略图API缺乏适当的访问控制，允许未经身份验证的远程攻击者通过修改URL获取某些特定文件。

Description

CVE-2024-6738...

Readme

# CVE-2024-6738

- PoC/poc.py: PoC for CVE-2024-6738
```
Usage: python PoC/poc.py -u [URL] -f [file_number] -o [output_file]
```
- nuclei-templates/CVE-2024-6738.yaml: Nuclei template for CVE-2024-6738
```
Usage: nuclei -l urls.txt -t /path/to/CVE-2024-6738.yaml
```

## References

- [https://www.twcert.org.tw/tw/cp-132-7925-97e1c-1.html](https://www.twcert.org.tw/tw/cp-132-7925-97e1c-1.html)
- [https://nvd.nist.gov/vuln/detail/CVE-2024-6738](https://nvd.nist.gov/vuln/detail/CVE-2024-6738)

File Snapshot


 [4.0K]  /data/pocs/1c0a795c70fd13d0a4abc83a531e2709240d68cb
├── [4.0K]  nuclei-template
│   └── [ 921]  CVE-2024-6738.yaml
├── [4.0K]  PoC
│   └── [5.1K]  poc.py
└── [ 508]  README.md

2 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!