CVE-2024-23740 PoC — Kap Security Vulnerability

Source
Associated Vulnerability
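Title: Kap Security Vulnerability (CVE-2024-23740)
Description: Kap is an open-source screen recorder from Wulkano. Versions of Kap before 3.6.0 contain a security vulnerability that allows arbitrary code execution through the RunAsNode and enableNodeClilnspectArguments settings.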
Description
 CVE-2024-23739
Readme
# CVE-2024-23740
 An issue in Kap through 3.6.0 on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

 There is a tool designed to automate the process of searching for vulnerabilities in Electron apps: https://github.com/r3ggi/electroniz3r

 With this tool, we can check if the app is vulnerable:
 
 <img width="841" alt="image" src="https://github.com/V3x0r/-CVE-2024-23739/assets/83291215/90d65788-a315-451f-9e3c-8f758a424e86">
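
A defender-side version of the check described above, as an added example that is not part of the original README or of electroniz3r: it reads the Electron fuse wire from a binary and reports whether RunAsNode and EnableNodeCliInspectArguments (the two settings the advisory names) are still on. The sentinel string, byte layout and fuse indices are assumed from the @electron/fuses package, and the sample buffers are constructed, not bytes from Kap.

```javascript
// Added example: audit the Electron fuse wire of a packaged binary.
// Assumed layout (per @electron/fuses): SENTINEL | version | length | one state byte per fuse.
const SENTINEL = Buffer.from('dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX', 'ascii');
const STATES = { 0x30: 'disabled', 0x31: 'enabled', 0x72: 'removed', 0x90: 'inherit' };
// Fuse V1 wire positions of the two settings named in the advisory.
const RISKY = { 0: 'RunAsNode', 3: 'EnableNodeCliInspectArguments' };

function readFuses(binary) {
  const at = binary.indexOf(SENTINEL);
  if (at === -1) return null; // no fuse wire: not Electron, or a build that predates fuses
  const header = at + SENTINEL.length;
  if (header + 2 > binary.length) throw new Error('truncated fuse header');
  const version = binary[header];
  const length = binary[header + 1];
  const wire = binary.subarray(header + 2, header + 2 + length);
  if (wire.length !== length) throw new Error('truncated fuse wire');
  return { version, states: Array.from(wire, (b) => STATES[b] || 'unknown') };
}

function auditFuses(binary) {
  const fuses = readFuses(binary);
  if (fuses === null) return { found: false, findings: [] };
  const findings = [];
  for (const [index, name] of Object.entries(RISKY)) {
    const state = fuses.states[Number(index)];
    // Anything other than an explicit "off" is reported, including a fuse
    // that is missing because the wire is shorter than expected.
    if (state !== 'disabled' && state !== 'removed') {
      findings.push(`${name}=${state ?? 'absent'}`);
    }
  }
  return { found: true, version: fuses.version, findings };
}

// Constructed sample inputs: padding + sentinel + version 1 + 8 fuse bytes.
function sample(fuseChars) {
  return Buffer.concat([
    Buffer.alloc(64, 0xcc), SENTINEL,
    Buffer.from([1, fuseChars.length]), Buffer.from(fuseChars, 'ascii'),
    Buffer.alloc(16),
  ]);
}
const defaultBuild = sample('10110011');  // both audited fuses left on
const hardenedBuild = sample('01000111'); // both switched off at package time

console.log('default :', auditFuses(defaultBuild).findings);
console.log('hardened:', auditFuses(hardenedBuild).findings);
```

On a macOS bundle the wire is expected in the Electron Framework binary inside the app, which is where @electron/fuses looks for it, rather than in the launcher executable. This sketch reads only the first wire it finds, so a universal binary needs each architecture slice checked separately.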
 
 
 After validation, we can inject our code, and get a shell
 
 
 <img width="847" alt="image" src="https://github.com/V3x0r/-CVE-2024-23739/assets/83291215/c74ee68d-ce75-4c02-85b3-b48ae11f06a8">



 Enjoy Your Shell :)

File Snapshot

[4.0K] /data/pocs/999521c9bd370a1cf1e398e3434b8d1e164eb2f5
└── [ 728] README.md

0 directories, 1 file