Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-30269 PoC — DataEase 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-30269.yaml
Associated Vulnerability
Title:DataEase 安全漏洞 (CVE-2024-30269)
Description:DataEase是一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 2.5.0之前版本存在安全漏洞。攻击者利用该漏洞通过浏览器访问“/de2api/engine/getEngine;.js”路径,可以看到返回的数据库配置。
Description
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned.
File Snapshot

 id: CVE-2024-30269

info:
  name: DataEase <= 2.4.1 - Sensitive Information Exposure
  author: s4e-i

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.