CVE-2024-50334 PoC — Scoold Security Vulnerability

Source
Associated Vulnerability
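Title: Scoold Security Vulnerability (CVE-2024-50334)
Description: Scoold is a team Q&A and knowledge-sharing platform open-sourced by Erudika. Scoold has a security vulnerability that stems from a semicolon path injection flaw found on the /api;/config endpoint. By appending a semicolon to the URL, an attacker can bypass authentication and gain unauthorized access to sensitive configuration data.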
Description
Scoold is a Q&A and knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon to the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests to the /api;/config endpoint that set the Content-Type: application/hocon header allow unauthenticated attackers to read files via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround is to disable the Scoold API with scoold.api_enabled = false.
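A log check for the request shape described above, as an added example that is not part of the original page or the Scoold project: it flags access-log requests whose path carries `;` path parameters and resolves under /api once those are stripped. The Combined Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Request field and status of a Combined Log Format line (assumed log format).
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def strip_path_params(path):
    """Drop ';...' path parameters from each segment: /api;/config -> /api/config."""
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))

def classify(line):
    """Return a finding dict for a suspicious line, or None (hypothetical helper)."""
    m = LOG_RE.search(line)
    if not m:
        return None
    raw_path = urlsplit(m["target"]).path
    if ";" not in raw_path:
        return None
    normalized = strip_path_params(raw_path)
    if normalized != "/api" and not normalized.startswith("/api/"):
        return None  # path parameters outside the API, e.g. ;jsessionid
    if normalized == "/api/config":
        # PUT is the HOCON file-inclusion vector from the advisory; GET reads config.
        kind = "config-write" if m["method"] == "PUT" else "config-read"
    else:
        kind = "api-path-param"
    return {"kind": kind, "method": m["method"], "raw_path": raw_path,
            "normalized": normalized, "served": m["status"].startswith("2")}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2024:10:00:01 +0000] "GET /api/config HTTP/1.1" 401 64',
    '192.0.2.10 - - [01/Nov/2024:10:00:02 +0000] "GET /api;/config HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Nov/2024:10:00:05 +0000] "PUT /api;/config HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Nov/2024:10:01:00 +0000] "GET /questions;jsessionid=AB12 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```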
File Snapshot

id: CVE-2024-50334 info: name: Scoold < 1.64.0 - Authentication Bypass author: xbow,iamnoooob,p ...