
CVE-2024-31819 PoC: WWBN AVideo security vulnerability

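Related vulnerability
Title: WWBN AVideo security vulnerability (CVE-2024-31819)
Description: WWBN AVideo is a video platform site-building system written in PHP by the WWBN team. WWBN AVideo versions v.12.4 through v.14.2 contain a security vulnerability that allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the SubmitIndex.php component.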
Description
Unauthenticated Remote Code Execution (RCE) Vulnerability in WWBNIndex Plugin of AVideo Platform from 12.4 to 14.2
Introduction
# AVideo CVE-2024-31819 🎥🔒💥

This Python script is an exploit for a critical unauthenticated Remote Code Execution (RCE) vulnerability found in the `WWBNIndex` plugin of the `AVideo` platform.

## ⚠️ Vulnerability Summary

The vulnerability lies in the `submitIndex.php` file of the `WWBNIndex` plugin for the `AVideo` platform. This file improperly handles user-supplied input through the `$_POST['systemRootPath']` parameter. The application uses this parameter in a `require_once` statement without sanitizing or validating the input, leading to the inclusion and execution of arbitrary PHP code.

## 📁 Affected Component

The affected component is the `submitIndex.php` file within the `WWBNIndex` plugin of the `AVideo` platform.

## 💥 Impact

This vulnerability allows unauthenticated attackers to execute arbitrary code on the server hosting the `AVideo` platform. Successful exploitation could lead to complete compromise of the server, unauthorized data access, and potential further attacks within the network infrastructure. This constitutes a severe security risk.

## 🎯 Attack Vector

The vulnerability can be exploited by sending a specially crafted POST request to the `submitIndex.php` file. This request includes a maliciously crafted `systemRootPath` parameter, exploiting the application's failure to sanitize user-supplied input properly.

## 🛠️ Mitigation

Immediate action should be taken to patch this vulnerability. The application developers should sanitize and validate all user-supplied inputs rigorously. Users of the `AVideo` platform should update the `WWBNIndex` plugin as soon as a security patch is released. Disabling the affected plugin until an update is available is also advisable to mitigate risk.
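
A request-level check a defender could run over captured request records (for example a WAF audit log that keeps POST bodies) while the plugin is still unpatched or disabled. This is an added example, not code from the exploit repository or from AVideo; `classify_request`, the `PLUGIN_DIR` placeholder and the sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Path suffix only; the plugin's install directory is not given on the page.
ENDPOINT_RE = re.compile(r"/submitIndex\.php$", re.IGNORECASE)
# A scheme of 2+ characters at the start of the value (php://, data:, phar://);
# a one-letter prefix is left alone so Windows drive letters do not match.
WRAPPER_RE = re.compile(r"^\s*[a-z][a-z0-9.+-]+:", re.IGNORECASE)


def classify_request(method, url, body):
    """Classify one captured request as ignore / ok / review / alert."""
    if method.upper() != "POST" or not ENDPOINT_RE.search(urlsplit(url).path):
        return "ignore"
    # parse_qs percent-decodes once, matching what PHP places in $_POST.
    values = parse_qs(body, keep_blank_values=True).get("systemRootPath")
    if values is None:
        return "ok"
    for value in values:
        if WRAPPER_RE.match(value) or "\x00" in value:
            return "alert"   # stream wrapper or NUL byte reaching require_once
        if ".." in re.split(r"[\\/]", value):
            return "alert"   # directory traversal in an include path
    # Assumption: a legitimate client has no reason to tell the server its own
    # root path, so any other supplied value is still worth a human look.
    return "review"


# Constructed sample records (method, URL, urlencoded body); PLUGIN_DIR is a
# placeholder and the wrapper value is an inert stand-in, not a working chain.
SAMPLES = [
    ("GET", "/PLUGIN_DIR/submitIndex.php", ""),
    ("POST", "/PLUGIN_DIR/submitIndex.php", "title=demo"),
    ("POST", "/PLUGIN_DIR/submitIndex.php", "systemRootPath=%2Fvar%2Fwww%2Fhtml%2F"),
    ("POST", "/PLUGIN_DIR/submitIndex.php", "systemRootPath=..%2F..%2Ftmp%2F"),
    ("POST", "/PLUGIN_DIR/submitIndex.php",
     "systemRootPath=php%3A%2F%2Ffilter%2FEXAMPLE%2Fresource%3Dphp%3A%2F%2Ftemp"),
]


def run_samples():
    return [classify_request(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(verdict, sample[1], sample[2][:40])
```

Because the check decodes the body only once, it should sit behind whatever layer already normalises requests for the web server, not in front of it.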

## 🔍 Affected Versions

Based on our assessments, versions 12.4 to 14.2 of the AVideo platform are vulnerable to this exploit. It is strongly recommended for administrators of the AVideo platform to review and upgrade their installations if they fall within these versions to ensure the security of their systems.

## 📜 Proof of Concept

1. An attacker generates a malicious PHP filter chain designed to execute arbitrary PHP code (e.g., using `php_filter_chain_generator.py` for `<?php system('id'); ?>`).
2. The attacker then crafts a POST request that includes this PHP filter chain in the `systemRootPath` parameter, targeting the vulnerable `submitIndex.php` endpoint.

## Usage

The script can be used as follows:

```bash
python3 AVideoExploit.py -u TARGET_URL
```

or for multiple targets:

```bash
python3 AVideoExploit.py -f URLS_FILE -t THREADS -o OUTPUT_FILE
```

Where:

- `TARGET_URL` is the base URL of the target AVideo platform.
- `URLS_FILE` is a file containing a list of target URLs.
- `THREADS` is the number of concurrent threads to use for scanning multiple targets.
- `OUTPUT_FILE` is the file to which output should be written.

## Note

This script is for educational purposes only. Do not use it for illegal activities. The author is not responsible for any misuse of this tool.
File snapshot

```
[4.0K] /data/pocs/389139b256f86001b7cdaa60be6b389ba830e0a5
├── [4.0K] documentation
│   └── [4.0K] modules
│       └── [4.0K] exploit
│           └── [4.0K] multi
│               └── [4.0K] http
│                   └── [6.3K] avideo_wwbnindex_unauth_rce.md
├── [8.8K] exploit.py
├── [4.0K] modules
│   └── [4.0K] exploits
│       └── [4.0K] multi
│           └── [4.0K] http
│               └── [4.0K] avideo_wwbnindex_unauth_rce.rb
├── [7.4K] php_filter_chain.py
├── [3.0K] README.md
└── [ 91] requirements.txt

9 directories, 6 files
```