Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-35217 PoC — Eclipse Vertx-web 跨站请求伪造漏洞

Source
https://github.com/andikahilmy/CVE-2020-35217-vertx-web-vulnerable
Associated Vulnerability
Title:Eclipse Vertx-web 跨站请求伪造漏洞 (CVE-2020-35217)
Description:Eclipse Vertx-web是Eclipse基金会的一个用于构建Web应用的框架。 Vert.x-Web framework v4.0 milestone 1-4 存在跨站请求伪造漏洞,该漏洞源程序没有执行正确的CSRF验证。它不是比较请求中的CSRF令牌与cookie中的CSRF令牌,而是比较cookie中的CSRF令牌与存储在会话中的CSRF令牌。攻击者可利用该漏洞甚至不需要在请求中提供CSRF令牌,导致CSRF攻击成功。
File Snapshot

 None
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.