CVE-2024-56331 PoC — Uptime Kuma 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2024/CVE-2024-56331.yaml

Associated Vulnerability

Title:Uptime Kuma 路径遍历漏洞 (CVE-2024-56331)
Description:Uptime Kuma是Louis Lam个人开发者的一个易于使用的自托管监控工具。 Uptime Kuma 1.23.0至1.23.15版本和2.0.0-beta.0版本存在路径遍历漏洞，该漏洞源于源于对real-browser请求类型中的URL字段缺少服务器端验证和清理，导致攻击者可以访问服务器上的敏感本地文件。

Description

Uptime Kuma has an Improper URL Handling vulnerability that can be exploited through the "real-browser" feature.
By providing a URL using the file:/// protocol (e.g., file:///etc/passwd), an attacker can obtain a screenshot
of local sensitive files, because the user input is not validated by the server.

File Snapshot


 id: CVE-2024-56331

info:
  name: Uptime-Kuma - Local File Inclusion (LFI)
  author: hyni03
  severi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!