CVE-2024-34470 PoC — HSC Cybersecurity HC Mailinspector Path Traversal Vulnerability

Source
Associated Vulnerability
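Title: HSC Cybersecurity HC Mailinspector Path Traversal Vulnerability (CVE-2024-34470)
Description: HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through v.5.2.18 contain a path traversal vulnerability. The flaw is an unauthenticated path traversal in /public/loader.php: the path parameter does not properly check whether the supplied file or directory is part of the webroot, which allows an attacker to read arbitrary files on the server.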
Description
HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
Readme
# CVE-2024-34470
HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
File Snapshot

[4.0K] /data/pocs/324846724db7358dc1858112302c0ee829b20cb5
├── [4.0K] cve202434470
│   ├── [4.0K] includes
│   │   ├── [ 650] bot.py
│   │   ├── [ 470] filereader.py
│   │   ├── [   0] __init__.py
│   │   ├── [2.2K] scan.py
│   │   └── [ 285] writefile.py
│   ├── [1.7K] main.py
│   └── [4.0K] utils
│       ├── [1.9K] configure.py
│       ├── [ 887] const.py
│       ├── [2.4K] helpers.py
│       ├── [   0] __init__.py
│       └── [ 227] status.py
├── [1.0K] LICENSE
└── [  82] README.md

3 directories, 13 files