Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-55556 PoC — Crater 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2024/CVE-2024-55556.yaml
Associated Vulnerability
Title:Crater 代码问题漏洞 (CVE-2024-55556)
Description:Crater是Crater Invoice开源的一款开源网络和移动应用程序。用于跟踪费用、付款并创建专业发票和估算。 Crater存在代码问题漏洞。攻击者利用该漏洞可以远程执行命令。
Description
InvoiceShelf version 1.3.0 and below contains an unauthenticated PHP deserialization vulnerability that can lead to remote code execution. An attacker with knowledge of the APP_KEY can achieve remote command execution on the server through Laravel's cookie deserialization. While the vulnerability is severe, it is partially mitigated in default installations as the APP_KEY is regenerated during setup.
File Snapshot

 id: CVE-2024-55556

info:
  name: InvoiceShelf <= 1.3.0 - PHP Deserialization
  author: iamnoooob,ro

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.