Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-23741 PoC — Hyper 安全漏洞

Source
https://github.com/V3x0r/CVE-2024-23741
Associated Vulnerability
Title:Hyper 安全漏洞 (CVE-2024-23741)
Description:hyper是hyperium开源的一个 Rust 的快速、正确的 HTTP 实现。 Hyper 3.4.1 版本之前存在安全漏洞,该漏洞源于通过 RunAsNode 和 enableNodeClilnspectArguments 设置可以执行任意代码。
Description
CVE-2024-23741
Readme
# CVE-2024-23741
An issue in Hyper through 3.4.1 on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

There is a tool designed to automate the process of searching for vulnerabilities in electron: https://github.com/r3ggi/electroniz3r
<img width="543" alt="image" src="https://github.com/V3x0r/CVE-2024-23741/assets/83291215/cd6660d9-0321-42ca-8edf-d525026e2d0e">

 
 
 With this tool, we can check if the App is Vulnerable:
 
 <img width="839" alt="image" src="https://github.com/V3x0r/CVE-2024-23741/assets/83291215/21fdd284-0e4f-4bef-9a26-e2334c443c08">

 
 
 After validation, we can inject our code, and get a shell
 
 
 <img width="845" alt="image" src="https://github.com/V3x0r/CVE-2024-23741/assets/83291215/533c0e51-13a6-49ae-9ef1-7acf8b7b8311">



 Enjoy Your Shell :)
File Snapshot

 [4.0K]  /data/pocs/99229c0e027d71b7e9614e1b80e80cd63a0f40a4
└── [ 849]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.