关联漏洞
标题:Adobe Magento 输入验证错误漏洞 (CVE-2022-24086)Description:Adobe Magento是美国奥多比(Adobe)公司的一套开源的PHP电子商务系统。该系统提供权限管理、搜索引擎和支付网关等功能。 Adobe Magento 存在输入验证错误漏洞,该漏洞源于输入验证不当。攻击者可利用该漏洞向应用程序发送专门设计的请求,并在目标系统上执行任意代码。
Description
An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
介绍
# CVE-2022-24682 PoC
## How does this detection method work?
As stated on the advisories versions 8.8.x before 8.8.15 patch 30 (update 1) are vulnerable to attacks, the template looks at the following versions:
```
- "8.8"
- "8.8.6"
- "8.8.7"
- "8.8.8"
- "8.8.9"
- "8.8.10"
- "8.8.11"
- "8.8.12"
- "8.8.15"
```
## How do I run this script?
1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml`
## References
- https://nvd.nist.gov/vuln/detail/CVE-2022-24682
- https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/
## Disclaimer
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
文件快照
[4.0K] /data/pocs/02344e573422ceafcc99cdee22db2336ad216272
├── [ 972] README.md
└── [1.4K] template.yaml
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →