关联漏洞
标题:Apache httpd 跨站脚本漏洞 (CVE-2023-6710)Description:Apache httpd是美国阿帕奇(Apache)基金会的一款专为现代操作系统开发和维护的开源HTTP服务器。 Apache httpd 存在跨站脚本漏洞,该漏洞源于mod_proxy_cluster 中发现了一个缺陷,允许恶意用户在 URL 的alias参数中添加脚本,以触发跨站脚本。
Description
Welcome to the Metasploit Exploits Repository, your go-to resource for a comprehensive collection of cutting-edge exploits designed for penetration testing and ethical hacking. Developed and maintained by Mohamed Mounir Boudjema, this repository is crafted with a deep understanding of the evolving landscape of cybersecurity.
介绍
# CVE-2023-6710 Exploit POC
Explore the depths of CVE-2023-6710 with metasploit and our comprehensive Proof of Concept (PoC). This CVE, identified as a potential security vulnerability, has been meticulously examined to demonstrate its impact and provide a hands-on understanding of the associated risks.
# Installation
- git clone https://github.com/DedSec-47/Metasploit-Exploits-CVE-2023-6710.git
- cd Metasploit-Exploits-CVE-2023-6710
- sudo mv mod_cluster_xss.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/mod_cluster_stored_xss.rb
# Usage
- use auxiliary/scanner/mod_cluster_stored_xss
- set rhosts https://www.example.com
- set targeturi /cluster-manager
- set rport 443
- set ssl true
- exploit
# Disclaimer
This script is provided solely for educational and research purposes. Please use it responsibly and only on systems for which you have explicit permission to test. Unauthorized or malicious use of this script could lead to legal consequences and ethical concerns. Ensure that you adhere to ethical guidelines and respect the privacy and security of others.
文件快照
[4.0K] /data/pocs/d87aa63e2e3577f67f9af9585ec05e947cd50745
├── [1.0K] LICENSE
├── [3.6K] mod_cluster_xss.rb
└── [1.1K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。