CVE-2024-7456 PoC — Lunary SQL Injection Vulnerability

Source
Associated Vulnerability
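Title: Lunary SQL Injection Vulnerability (CVE-2024-7456)
Description: Lunary is an open-source production toolkit for LLMs, developed by Lunary. Lunary v1.4.2 contains a SQL injection vulnerability: the order by clause of a SQL query uses sql.unsafe without prior sanitization, which allows SQL injection.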
Readme
Some simple scripts to help exploit SQLi using both bash and Node.js based on CVE-2024-7456 (https://nvd.nist.gov/vuln/detail/CVE-2024-7456).
File Snapshot

[4.0K] /data/pocs/3dfa2f28b1620b5c0dbc5f1f53367df1beac0e7a
├── [1.1K] 20247456.js
├── [ 660] 20247456.sh
└── [ 142] README.md

0 directories, 3 files