CVE-2023-41266 PoC — Qlik Sense 输入验证错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-41266.yaml

Associated Vulnerability

Title:Qlik Sense 输入验证错误漏洞 (CVE-2023-41266)
Description:Qlik Sense是美国Qlik公司的一个应用程序。允许用户为本地和离线使用创建可视化、图表、交互式仪表板和分析应用程序。 Qlik Sense Enterprise for Windows存在安全漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。

Description

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.

File Snapshot


 id: CVE-2023-41266

info:
  name: Qlik Sense Enterprise - Path Traversal
  author: AdamCrosser
  sev

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!