关联漏洞
标题:
XWiki Platform 安全漏洞
(CVE-2024-31982)
描述:XWiki Platform是XWiki基金会的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 存在安全漏洞,该漏洞源于 XWiki 的数据库搜索允许通过搜索文本远程执行代码。这允许公共 wiki 的任何访问者或封闭 wiki 的用户远程执行代码,因为默认情况下所有用户都可以访问数据库搜索。
描述
A tool for vulnerability detection and exploitation tool for CVE-2024-31982
介绍
# CVE-2024-31982
CVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-31982
### Installation
```bash
git clone https://github.com/th3gokul/CVE-2024-31982.git
cd CVE-2024-31982
pip install -r requirements.txt
python3 cvehunter.py --help
```
### Usage
```yaml
python3 cvehunter.py -h
____ __ __ _____ _ _ _
/ ___|\ \ / /| ____|| | | | _ _ _ __ | |_ ___ _ __
| | \ \ / / | _| | |_| || | | || '_ \ | __| / _ \| '__|
| |___ \ V / | |___ | _ || |_| || | | || |_ | __/| |
\____| \_/ |_____||_| |_| \__,_||_| |_| \__| \___||_|
CVE-2024-31982 @th3gokul
[Description]: Vulnerability Detection and Exploitation
tool for CVE-2024-31982
options:
-h, --help show this help message and exit
-u URL, --url URL [INF]: Specify a URL or domain
for vulnerability detection
-l LIST, --list LIST [INF]: Specify a list of URLs
for vulnerability detection
-t THREADS, --threads THREADS
[INF]: Number of threads for
list of URLs
-proxy PROXY, --proxy PROXY
[INF]: Proxy URL to send request
via your proxy
-v, --verbose [INF]: Increases verbosity of
output in console
-o OUTPUT, --output OUTPUT
[INF]: Filename to save output
of vulnerable target]
```
### About
The tool is Developed by [th3Gokul](https://www.linkedin.com/in/gokul-v-13455521a/) and [D.Sanjai Kumar](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) Open Source tool developer at RevoltSecurities and the tool is developed for security reseachers and Ethical hackers to know more and exploit the CVE-2024-31982
### Disclaimer
The tool is only for education and ethical purpose only and Developers are not responsible for any illegal exploitations.
文件快照
[4.0K] /data/pocs/8c90d84415e1a5496bfad6cff3941436e7ce085e
├── [7.0K] cvehunter.py
├── [1.9K] README.md
└── [ 114] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。