CVE-2024-57241 PoC: DesDev DedeCMS security vulnerability

Associated Vulnerability
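Title: DesDev DedeCMS security vulnerability (CVE-2024-57241)
Description: DesDev DedeCMS (织梦 content management system) is a PHP-based open-source content management system (CMS) from the Chinese company DesDev (卓卓). The system provides content publishing, content management, content editing and content retrieval. DesDev DedeCMS 5.71sp1 and earlier versions contain a security vulnerability: because of a logic error, the input GET request is not checked, which leads to URL redirection.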
Description
dedecms-url redirect
Readme
## CVE-2024-57241 (CNNVD-2024-34500830)
### Web applications running DedeCMS 5.71SP1 and earlier are subject to URL redirection, because a logic error in the CMS source code means the input GET request is not checked

### How to use POC

### Just change the domain name in target.txt

### Sometimes it fails because the website has a verification mechanism, and a User-Agent, Referer, etc. need to be added to the script

### Update earlier versions of DedeCMS or apply the upgrade patches

### https://www.dedecms.com/download#changelog (DedeCMS V5.7.65)
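
An added detection example (not part of the original README or poc.py): since the README attributes the redirect to an unchecked GET request, this script scans web access logs for GET parameters whose value resolves to a host other than the site's own. The log lines, the path `/go.php` and the parameter names are constructed for illustration; the page does not name the affected endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines; /go.php, "url" and "back" are hypothetical names.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /go.php?url=https%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0',
    '203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "GET /go.php?url=%2F%2Fphish.example.net HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Jan/2025:10:03:11 +0000] "GET /go.php?url=https://cms.example.com/news/1.html HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Jan/2025:10:03:15 +0000] "GET /list.php?tid=3&back=/index.php HTTP/1.1" 200 5120',
    '192.0.2.9 - - [10/Jan/2025:10:07:40 +0000] "GET /go.php?url=https:%5C%5Cphish.example.net HTTP/1.1" 200 311',
]
REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+" (\d{3})')
REDIRECT_STATUS = {301, 302, 303, 307, 308}

def external_target(value, site_host):
    """Return the off-site host a parameter value points at, or None."""
    # Decode once more (double encoding) and fold "\" to "/", as browsers do.
    v = unquote(value).strip().replace("\\", "/")
    if v.startswith("//"):          # protocol-relative form
        v = "http:" + v
    try:
        parts = urlsplit(v)
    except ValueError:              # malformed authority, e.g. bad IPv6 literal
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.lower()   # hostname drops any "user@" prefix
    return None if host == site_host.lower() else host

def find_offsite_redirect_params(lines, site_host):
    """Return (path, parameter, off-site host, answered_with_3xx) per hit."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target, status = urlsplit(m.group(1)), int(m.group(2))
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            host = external_target(value, site_host)
            if host:
                hits.append((target.path, name, host, status in REDIRECT_STATUS))
    return hits

if __name__ == "__main__":
    for hit in find_offsite_redirect_params(SAMPLE_LOG, "cms.example.com"):
        print(hit)
```

Hits answered with a 3xx status are the ones to triage first; legitimate subdomains of the site are reported as off-site unless the host comparison is widened.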
File Snapshot

[4.0K] /data/pocs/297d359d7d261af9d6e383c98787137bef81ef1a
├── [8.7M] example.zip
├── [ 285] poc.py
├── [ 895] README.md
├── [  17] requirements.txt
├── [ 73K] source.png
└── [ 184] target.txt

1 directory, 6 files