
CVE-2024-57610 PoC — Sylius security vulnerability

Source
Associated Vulnerability
Title: Sylius security vulnerability (CVE-2024-57610)
Description: Sylius is an open-source e-commerce platform built on the Symfony framework by the Polish company Sylius. Sylius v2.0.2 contains a security vulnerability caused by a rate-limiting issue. An attacker can exploit it to carry out brute-force attacks, which may lead to account takeover and denial of service.
Description
Lack of Rate Limiting in Sylius v2.0.2
Readme
# Lack of Rate Limiting in Sylius v2.0.2

Vendor Homepage: https://sylius.com/
### Steps to Reproduce

1. Navigate to https://store.sylius.com/login

2. Attempt multiple login requests using automated tools or scripts (e.g., Burp Suite, cURL).

3. Observe that no rate limiting is applied, and requests are processed without restriction.

## PoC video
https://drive.google.com/file/d/1o5nd8eStt0tgBpKJHUay02N_HVAUntPM/view
## Image
![alt text](https://imgur.com/9G9Skz7.png)
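The weakness described above is the absence of any throttling on the storefront login endpoint. As an added mitigation example, not taken from the advisory or from the Sylius project's own configuration, this shows how Symfony's built-in `login_throttling` option is enabled on a form-login firewall in `config/packages/security.yaml`; the firewall name `shop` and the chosen limits are assumptions, and the option requires the `symfony/rate-limiter` package to be installed.

```yaml
# config/packages/security.yaml (added example; firewall name and limits are assumptions)
security:
    firewalls:
        shop:
            # The existing form_login / logout settings of this firewall are
            # left unchanged; only the throttling block below is new.
            #
            # Symfony counts failed logins per username + client IP and also keeps a
            # looser per-IP bucket (5x max_attempts), so both credential stuffing
            # against one account and spraying across many accounts from one
            # source are slowed down. Exceeding the limit yields a
            # "Too many failed login attempts" authentication error.
            login_throttling:
                max_attempts: 5
                interval: '15 minutes'
```

Failed attempts that hit the limit still reach the application log, so counting these rejections per source IP is a cheap detection signal for brute-force activity against the login form.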
File Snapshot

[4.0K] /data/pocs/323bfe6c10ce84fbb3ee5019b163fd1ff6afaf39
└── [ 475] README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.