CVE-2024-41570 PoC — Havoc 安全漏洞

Source

https://github.com/0xLynk/CVE-2024-41570-POC

Associated Vulnerability

Title:Havoc 安全漏洞 (CVE-2024-41570)
Description:Havoc是Havoc Framework开源的一个现代且可扩展的开发后命令和控制框架。 Havoc 2 0.7版本存在安全漏洞，该漏洞源于demon回调处理中存在未经身份验证的服务端请求伪造漏洞，允许攻击者发送来自团队服务器的任意网络流量。

Description

CVE-2024-41570 is a critical SSRF vulnerability in Havoc C2 v0.7 that allows an unauthenticated attacker to send arbitrary network requests from the team server. This flaw can be exploited for internal network access or remote code execution (RCE).

Readme

# CVE-2024-41570-POC
CVE-2024-41570 is a critical SSRF vulnerability in Havoc C2 v0.7 that allows an unauthenticated attacker to send arbitrary network requests from the team server. This flaw can be exploited for internal network access or remote code execution (RCE).

File Snapshot


 [4.0K]  /data/pocs/f16ccc120ffa0fa34e52db3abd25211f61d976d2
├── [ 11K]  exploit.py
└── [ 270]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!