CVE-2023-31726 PoC — AList 安全漏洞

Source

https://github.com/J6451/CVE-2023-31726

Associated Vulnerability

Title:AList 安全漏洞 (CVE-2023-31726)
Description:AList是中国Xhofe个人开发者的一个支持多存储的文件列表程序。 AList 3.15.1版本存在安全漏洞，该漏洞源于存在不正确的访问控制，攻击者利用该漏洞可以利用该漏洞获取敏感信息。

Readme

# CVE-2023-31726

--------

## Description
  - POC for CVE-2023-31726: AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.
  - create by jin at 2023-05-23

--------

## Detail
  - AList is a piece of software that supports local storage and multiple web disk mounted storage. There is an unauthorized access vulnerability on AList that can be exploited by attackers to obtain sensitive information.

--------

## Affect
  - AList
    - 3.x

File Snapshot


 [4.0K]  /data/pocs/ddf1fdd5bb08f2b757e838931db755fb9023fa00
├── [1.6K]  CVE-2023-31726.py
├── [1.0K]  LICENSE
├── [ 514]  README.md
└── [  25]  requirements.txt

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!