
CVE-2024-29882 PoC — SRS Security Vulnerability

Source
Associated Vulnerability
Title: SRS Security Vulnerability (CVE-2024-29882)
Description: SRS is a simple, efficient, real-time video server from the SRS open-source project. SRS versions prior to 6.0.121 contain a security vulnerability. An attacker can exploit this vulnerability to carry out cross-site scripting attacks.
Description
SRS is a simple, high-efficiency, real-time video server. The `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint of SRS's HTTP API did not validate the JSONP callback function name, so the value of the `callback` parameter was reflected verbatim into the response; a crafted callback value could therefore inject JavaScript and achieve cross-site scripting (XSS) in the browser of anyone who loaded the URL. This vulnerability is fixed in 5.0.210 and 6.0.121.
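The following C++ is an added illustration of the defect class described above, not code from SRS and not the fix the project shipped: it places the unfiltered reflection (the vulnerable pattern) next to a whitelist check that only accepts JavaScript-identifier-shaped callback names and otherwise answers with plain JSON and a 400. The function and struct names (is_safe_jsonp_callback, build_jsonp_response, JsonpResult) are hypothetical.

```cpp
// Added example (not SRS project code): whitelist validation for a JSONP
// callback name, shown beside the unvalidated reflection the advisory describes.
#include <cctype>
#include <iostream>
#include <string>

// Accept only identifier-shaped names: [A-Za-z_$][A-Za-z0-9_$]* segments joined
// by single dots (e.g. "handle", "app.cb"). Brackets, quotes, parentheses,
// whitespace and semicolons are rejected, which removes the injection vector.
bool is_safe_jsonp_callback(const std::string& cb) {
    if (cb.empty() || cb.size() > 64) return false;   // length cap is a design choice
    bool segment_start = true;
    for (unsigned char c : cb) {
        if (segment_start) {
            if (!(std::isalpha(c) || c == '_' || c == '$')) return false;
            segment_start = false;
        } else if (c == '.') {
            segment_start = true;                     // next char must start a new segment
        } else if (!(std::isalnum(c) || c == '_' || c == '$')) {
            return false;
        }
    }
    return !segment_start;                            // reject a trailing dot
}

// Vulnerable pattern: whatever arrived in ?callback= is echoed into the body.
std::string build_jsonp_response_unsafe(const std::string& cb, const std::string& json) {
    return cb + "(" + json + ");";
}

// Hardened pattern: validate first; on failure do not wrap, answer 400 with JSON.
struct JsonpResult {
    int status;
    std::string content_type;
    std::string body;
};

JsonpResult build_jsonp_response(const std::string& cb, const std::string& json) {
    if (cb.empty()) {
        return {200, "application/json", json};      // no callback: plain JSON
    }
    if (!is_safe_jsonp_callback(cb)) {
        return {400, "application/json", "{\"code\":400,\"error\":\"invalid callback\"}"};
    }
    return {200, "application/javascript", cb + "(" + json + ");"};
}

int main() {
    // Constructed sample inputs: one legitimate callback, one hostile-looking value.
    const std::string json = "{\"code\":0}";
    for (const std::string& cb : {std::string("onVhost"), std::string("<svg onload=x>")}) {
        JsonpResult r = build_jsonp_response(cb, json);
        std::cout << "callback=" << cb << " -> " << r.status << " " << r.body << "\n";
    }
    return 0;
}
```

The check deliberately rejects rather than "cleans" the name: stripping characters from an attacker-controlled string is easy to get wrong, while refusing anything outside a small grammar is simple to review and to test.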
File Snapshot

id: CVE-2024-29882
info:
  name: HTTP API DOM - XSS on JSONP callback
  author: rootxharsh,iamnoooo
  ...
Shenlong Bot has cached this for you
Remarks
    1. Please consult the original source first where it is available.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.