CVE-2024-57241 PoC — DesDev DedeCMS 安全漏洞

Source

https://github.com/woshidaheike/CVE-2024-57241

Associated Vulnerability

Title:DesDev DedeCMS 安全漏洞 (CVE-2024-57241)
Description:DesDev DedeCMS（织梦内容管理系统）是中国卓卓（DesDev）公司的一套基于PHP的开源内容管理系统（CMS）。该系统具有内容发布、内容管理、内容编辑和内容检索等功能。 DesDev DedeCMS 5.71sp1及之前版本存在安全漏洞，该漏洞源于逻辑错误无法判断输入GET请求，从而导致URL重定向。

Description

dedecms-url 重定向

Readme

# CVE-2024-57241(CNNVD-2024-34500830)
For web applications using DEDECMS 5.71SP1 and earlier, URL redirects occur because the source code logic error of the CMS does not judge the input GET request
使用dedecms 5.71sp1及以下版本的web应用，因为cms的源码逻辑错误未对输入的GET请求进行判断从而发生url重定向

How to use POC
poc使用方法

Just change the domain name of the target.txt
更改target.txt的域名即可

Sometimes it fails because the website has a verification mechanism that needs to add user-agent, referer, etc. to the script
有时失败是因为网站有验证机制需要在脚本中添加user-agent，referer等等

Update or upgrade patches for earlier versions of DEDECMS
对低版本的dedecms进行更新或升级补丁
https://www.dedecms.com/download#changelog（DedeCMS V5.7.65）

File Snapshot


 [4.0K]  /data/pocs/554c2e7c8a39c7289aece8bdb3375409b3f8156f
├── [8.7M]  example.zip
├── [ 285]  poc.py
├── [ 844]  README.md
├── [ 73K]  source.png
└── [ 184]  target.txt

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!