CVE-2023-45806 PoC — Discourse 安全漏洞

Source

https://github.com/pikariop/yksivaihde-CVE-2023-45806

Associated Vulnerability

Title:Discourse 安全漏洞 (CVE-2023-45806)
Description:Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.1.3 版本之前存在安全漏洞，该漏洞源于如果用户的全名中使用了“|”，同时该用户被引用，在该用户更新其全名时会在他们被引用的帖子中生成大量内容。

Readme

# yksivaihde-CVE-2023-45806

CVE: https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78

Patch: https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e

usage: `fix_quote_attribution("Username|", <limit>, <dry_run>)`

where "Username|" is the unique search string within the quote attribution

File Snapshot


 [4.0K]  /data/pocs/9cfef417c64d1cc72cb60e6b059c21dcdf8a28bc
├── [2.8K]  fix-quote-attribution.rb
├── [ 34K]  LICENSE
└── [ 349]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!