# Open Redirect Vulnerability in Kanaries
Vendor Homepage: https://kanaries.net/
PoC Video: https://drive.google.com/file/d/1kqfbmx1W6UgSs56gOLOsUFiGcvKrIyW9/view?usp=sharing
## Step-by-Step Exploitation Guide
### 1. Go to the Website
Navigate to the [Kanaries website](https://kanaries.net).
### 2. Initiate Login/Sign Up
- Click on the **"Log in / Sign up"** button on the homepage.
- This redirects you to: `https://kanaries.net/access?redirect_path=https%3A%2F%2Fkanaries.net%2Fhome`
### 3. Modify the Redirect Parameter
- Change the `redirect_path` parameter to a malicious site, such as:
  `https://kanaries.net/access?redirect_path=https%3A%2F%2Fbing.com`
### 4. Trigger the Redirect
- Click on **"Login With GitHub"** or **"Login With Google"** to initiate the login process.
- Instead of being redirected back to the intended page (`kanaries.net`), you are redirected to `bing.com` (or any malicious URL specified in the `redirect_path` parameter).
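
The behaviour above comes from using `redirect_path` as the post-login destination without checking where it points. The following is an added example of a server-side check, not code from Kanaries or from the original report; the allowlist, the fallback URL, the function names and the `/dashboard` path in the test inputs are assumptions.

```javascript
// Added example: validate redirect_path before issuing the post-login redirect.
// ALLOWED_HOSTS, FALLBACK and BASE are assumed values for illustration.
const ALLOWED_HOSTS = new Set(["kanaries.net"]);
const FALLBACK = "https://kanaries.net/";
const BASE = "https://kanaries.net";

function safeRedirectTarget(rawValue) {
  // A missing or empty parameter falls back to a fixed page.
  if (typeof rawValue !== "string" || rawValue.length === 0) return FALLBACK;
  // Control characters and backslashes are rejected outright: browsers may
  // strip or normalise them, so "/\host" can end up as "//host".
  if (/[\u0000-\u001f\u007f\\]/.test(rawValue)) return FALLBACK;

  let url;
  try {
    // Resolving against BASE lets relative paths through while still
    // exposing the real host of "//host" and absolute URLs.
    url = new URL(rawValue, BASE);
  } catch {
    return FALLBACK;
  }

  if (url.protocol !== "https:") return FALLBACK;          // blocks javascript:, data:, http:
  if (url.username || url.password) return FALLBACK;        // blocks kanaries.net@other-host
  if (url.port !== "") return FALLBACK;                     // default port only
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK;    // exact match, no suffix matching
  return url.href;
}

// Extracts redirect_path from the /access URL and returns the destination
// the server should actually use.
function redirectFromAccessUrl(accessUrl) {
  const raw = new URL(accessUrl).searchParams.get("redirect_path");
  return safeRedirectTarget(raw);
}
```

The check compares the parsed hostname for exact equality, so lookalike hosts and userinfo tricks resolve to the fallback instead of the supplied URL.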