Related vulnerability
Title: pyLoad cross-site request forgery vulnerability (CVE-2024-22416)
Description: pyLoad is a free, open-source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable via the web. Versions of pyLoad before 0.5.0b3.dev78 contain a cross-site request forgery (CSRF) vulnerability: an unauthenticated user can invoke any API call by means of a GET request.
Description
CVE-2024-22416 exploit experiments
Introduction
# CVE-2024-22416
Reference report: [GHSA-pgpj-v85q-h5fm](https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm)
This repository contains a Docker Compose configuration that sets up both a pyLoad server
and an attacker server that simply serves a `csrf.html`. To test it yourself, run
`docker compose up` (you need Docker Compose installed in addition to Docker).
Then start by going to `localhost:8000`, which is the pyLoad login page, and log in with
user `pyload` and password `pyload`. Next, go to `localhost:8001/csrf.html`; this page
immediately submits a cross-site request to the pyLoad API and adds a user called "hacker".
You can check that it worked by going to Settings > Users and noticing that the "hacker" user
has been added.
File snapshot
[4.0K] /data/pocs/2546ee15839cd94c7c13d39a642af8991885c558
├── [4.0K] attacker
│ ├── [ 338] csrf.html
│ └── [ 55] Dockerfile
├── [ 317] compose.yaml
├── [171K] CVE #2.pdf
├── [4.0K] pyload
│ ├── [ 310] Dockerfile
│ └── [3.3K] pyload.cfg
└── [ 761] README.md
2 directories, 7 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is no longer available or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating to the local POC. Thank you for your support.