Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-51483 PoC — changedetection.io 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51483.yaml
Associated Vulnerability
Title:changedetection.io 安全漏洞 (CVE-2024-51483)
Description:changedetection.io是dgtlmoon个人开发者的一个网站变更检测、监控和通知应用程序。 changedetection.io 0.47.5之前版本存在安全漏洞,该漏洞源于对本地文件访问的限制存在漏洞,导致敏感的本地系统文件信息被不当获取。
Description
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source-file-///etc/passwd` can be used to retrieve local system files, where the more traditional `file-///etc/passwd` gets blocked. Version 0.47.5 fixes the issue.
File Snapshot

 id: CVE-2024-51483

info:
  name: Changedetection.io <= 0.47.4 - Path Traversal
  author: iamnoooob,

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.