目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2024-45241 PoC — CentralSquare CryWolf 安全漏洞

来源
https://github.com/d4lyw/CVE-2024-45241
关联漏洞
标题:CentralSquare CryWolf 安全漏洞 (CVE-2024-45241)
Description:CentralSquare CryWolf是CentralSquare公司的一个误报管理系统。 CentralSquare CryWolf 存在安全漏洞,该漏洞源于 GeneralDocs.aspx 包含一个路径遍历漏洞。
Description
Path Traversal in CentralSquare's CryWolf
介绍
# CVE-2024-45241
Path Traversal in CentralSquare's CryWolf

A path traversal vulnerability in the CryWolf (False Alarm Management) application allows unauthenticated attackers to read files outside of the working web directory leading to the disclosure of sensitive information.

By sending a traversal payload to the endpoint GeneralDocs.aspx in the rpt parameter, it is then possible to access the full contents of the file by visiting gdoc1.ashx.

Repro:

- Step 1: Visit `GeneralDocs.aspx?rpt=../web.config` in a browser with an intercepting proxy configured.
- Step 2: From the intercepting proxy, locate the GET request to `gdoc1.ashx`, this will contain the contents of `web.config`.


References:

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45241
- https://daly.wtf/cve-2024-45241-path-traversal-in-centralsquare-crywolf/
文件快照

 [4.0K]  /data/pocs/608336ab8d92721b876fce7831b5f80d23fbc112
└── [ 845]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。