
CVE-2024-46310 PoC — Cfx.re FXServer Security Vulnerability

Source
Associated Vulnerability
Title: Cfx.re FXServer Security Vulnerability (CVE-2024-46310)
Description: Cfx.re FXServer is a platform server from Cfx.re. Cfx.re FXServer v9601 and earlier contain a security vulnerability caused by incorrect access control, which allows unauthenticated users to modify and read arbitrary user data through an exposed API endpoint.
Description
POC for CVE-2024-46310 for FXServer versions v9601 and prior. Incorrect Access Control in FXServer versions v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read user data via an exposed API endpoint.
Readme
# FiveM-CVE-2024-46310-POC
POC for CVE-2024-46310 for FXServer versions v9601 and prior <br>

Incorrect Access Control in FXServer versions v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read user data via an exposed API endpoint.

## How to use the script

navigate to [servers.fivem.net](https://servers.fivem.net) <br>
pick a server <br>
copy the join code <br>
and enter it into the script provided in this repository <br>

Using this exposed API endpoint we can obtain the IP address associated with the server as well as user data. However, closing this endpoint alone will not fix the issue: every server running FXServer versions v9601 and prior also has an exposed /players.json file that unauthenticated users can view and push changes to.

## Example of data unauthenticated users can obtain

    {
      "endpoint": "127.0.0.1", (always 127.0.0.1)
      "id": 328, [in-game session ID]
      "identifiers": [
        "steam:", [Steam ID of the user]
        "license:", [FiveM licence key]
        "xbl:", [Xbox Live ID]
        "live:", [Xbox Live ID]
        "discord:", [Discord user ID]
        "fivem:", [FiveM user ID]
        "license2:" [FiveM licence key]
      ],
      "name": "Example", [FiveM username of the player]
      "ping": 96 [current ping of the player]
    }

## Official public response from CFX.re after the issue was disclosed to them

"To improve player safety, we are also going to deprecate player identifiers from being publicly accessible on servers’ `players.json` endpoint as well as from our server list backend in the coming weeks.<br>
Server owners who want to retain identifiers on their `players.json` for backward-compatibility will be able to use the `sv_exposePlayerIdentifiersInHttpEndpoint` ConVar, but we will implement a safer alternative later this year, allowing for a security string to be passed when querying `players.json`." - CFX.re <br><br>
https://forum.cfx.re/t/celebrating-one-year-with-rockstar-games/
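As an added audit example (not part of the PoC repository or of Cfx.re's code), the snippet below parses a `players.json` body of the shape shown above and reports which personal identifier types a server is still disclosing per player, so a server owner can verify the effect of `sv_exposePlayerIdentifiersInHttpEndpoint`; the sample body and all identifier values are constructed placeholders.

```python
import json
from typing import Dict, List

# Constructed sample of a players.json body (values are placeholders, not real IDs).
# The real endpoint returns a JSON array of player objects like these.
SAMPLE_PLAYERS_JSON = json.dumps([
    {"endpoint": "127.0.0.1", "id": 328,
     "identifiers": ["steam:PLACEHOLDER", "license:PLACEHOLDER",
                     "discord:PLACEHOLDER", "fivem:PLACEHOLDER"],
     "name": "Example", "ping": 96},
    {"endpoint": "127.0.0.1", "id": 329,
     "identifiers": [], "name": "Hardened", "ping": 40},
])

# Identifier prefixes the README lists as disclosed by vulnerable builds.
PERSONAL_PREFIXES = {"steam", "license", "license2", "xbl", "live", "discord", "fivem"}


def identifier_prefixes(identifiers: List[str]) -> List[str]:
    """Return the identifier types (text before ':') present in one player's list."""
    return sorted({ident.split(":", 1)[0] for ident in identifiers if ":" in ident})


def audit_players_json(body: str) -> Dict[int, List[str]]:
    """Map each session id to the personal identifier types exposed for that player.

    An empty list for every player is what a hardened server (identifiers
    withheld from the HTTP endpoint) should produce.
    """
    report: Dict[int, List[str]] = {}
    for player in json.loads(body):
        prefixes = identifier_prefixes(player.get("identifiers", []))
        report[int(player["id"])] = [p for p in prefixes if p in PERSONAL_PREFIXES]
    return report


def exposes_identifiers(body: str) -> bool:
    """True if any player record still carries personal identifiers."""
    return any(audit_players_json(body).values())


def redact(body: str) -> str:
    """Shape of a hardened response: same players, identifier list emptied."""
    players = json.loads(body)
    for player in players:
        player["identifiers"] = []
    return json.dumps(players)


if __name__ == "__main__":
    print(audit_players_json(SAMPLE_PLAYERS_JSON))
    print("exposed:", exposes_identifiers(SAMPLE_PLAYERS_JSON))
    print("exposed after redaction:", exposes_identifiers(redact(SAMPLE_PLAYERS_JSON)))
```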
File Snapshot

    [4.0K] /data/pocs/d99d90dc6c91c84a4e78380949175331e35e22d2
    ├── [1.5K] CVE-2024-46310.py
    └── [1.9K] README.md

    0 directories, 2 files