CVE-2020-11883 PoC — Divante 信息泄露漏洞

Source

https://github.com/0ndras3k/CVE-2020-11883

Associated Vulnerability

Title:Divante 信息泄露漏洞 (CVE-2020-11883)
Description:Divante是Divante公司的电子商务解决方案。 Divante vue-storefront-api 1.11.1及之前版本和storefront-api 1.0-rc.1及之前版本中存在信息泄露漏洞。攻击者可借助特制HTTP请求利用该漏洞获取完整路径和节点模块名称。

Description

vue-storefront-api vulnerability

Readme

# CVE-2020-11883
[vue-storefront-api vulnerability](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11883)

## 🛠 Setup

```
$ yarn instal 
$ tsnd . <domain>
```

## 🧨 Examples

Message format
```
$ tsnd . <domain>
```
<p>
In this example, I tested the "Lights.ie" page.

</br>
<img src="https://raw.githubusercontent.com/0ndras3k/CVE-2020-11883/main/example.png">
</p>

# 🙀 Disclaimer
This application is for testing purposes only, I am not responsible for any problems that may arise. Please test only where you can.

File Snapshot


 [4.0K]  /data/pocs/81c2a57f991756e044818afd141376fffe386fd7
├── [ 19K]  example.png
├── [1.5K]  index.ts
├── [ 582]  package.json
├── [ 534]  README.md
├── [ 384]  tsconfig.json
└── [ 28K]  yarn.lock

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!