Unauthenticated Remote Code Execution via Angular-Base64-Upload Library (npm:bower)# CVE-2024-42640 Unauthenticated Remote Code Execution via Angular-Base64-Upload Library
[CVE-2024-42640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42640) Angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the angular-base64-upload/demo/server.php endpoint. Exploiting this vulnerability allows an attacker to upload arbitrary file content to the server, which can subsequently be accessed through the angular-base64-upload/demo/uploads endpoint. This lead to the execution of previously uploaded content and ultimately enable the attacker to achieve code execution on the server.
Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload
Software Link: https://github.com/adonespitogo/angular-base64-upload
Credit: https://github.com/rvizx/CVE-2024-42640
For more exploits and exclusive ones contact me on telegram [@KtN1990](https://t.me/KtN1990).
## Usage
To run this exploit you need to have python 3 and websites list then execute
```bash
python3 exploit.py -l list.txt -t 100
```
## Contact
- [@KtN1990](https://t.me/KtN1990)
## More Exploits, Check Megatron!
- Provides an easy and efficient way to assess and exploit Wordpress security holes for mass purposes.
- 160+ Exploits, all types (RCE, LOOTS, AUTHBYPASS...).
- Customizable config.
- Monthly Free updates including more code opitmization, fixing bugs, adding more exploits plus 0days.
- Strong code base and custom threading and process model using a tasks management feature, getting reliable results is assured; no need to talk about speed since at KTN we use unconventional methods for concurrency.
- [Telegram Channel](https://t.me/megatron_ktn)
## Demo
[](https://www.youtube.com/watch?v=irrh91Iaz7c)
## License
[MIT](https://choosealicense.com/licenses/mit/)
[4.0K] /data/pocs/cc8b9f633a090b4a9619fbad391246152c967031
├── [ 11K] LICENSE
└── [2.0K] README.md
0 directories, 2 files