Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-6746 PoC — EasySpider 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-6746.yaml
Associated Vulnerability
Title:EasySpider 安全漏洞 (CVE-2024-6746)
Description:EasySpider是Naibo Wang个人开发者的一个可视化数据采集、爬虫软件。 EasySpider 0.6.2版本存在安全漏洞,该漏洞源于存在路径遍历问题。
Description
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network.
File Snapshot

 id: CVE-2024-6746

info:
  name: EasySpider 0.6.2 - Arbitrary File Read
  author: s4e-io
  severity:

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.