CVE-2023-22894 PoC — Strapi 安全漏洞

Source

https://github.com/Saboor-Hakimi/CVE-2023-22894

Associated Vulnerability

Title:Strapi 安全漏洞 (CVE-2023-22894)
Description:Strapi是一套开源的内容管理系统（CMS）。 Strapi 4.5.5之前版本存在安全漏洞，该漏洞源于允许攻击者通过利用查询过滤器来发现敏感的用户详细信息，攻击者利用该漏洞可以发现所有用户的密码哈希和密码重置令牌，或者发现所有 API 用户的敏感信息。

Description

CVE-2023-22894

File Snapshot


 [4.0K]  /data/pocs/cc04687422e7107b887845463a734e273ae7017c
├── [3.4K]  dump-authless.py
├── [4.3K]  dump-auth.py
└── [2.2K]  readme.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!