Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2024-31848 PoC — CData API Server 安全漏洞

Source
https://github.com/Stuub/CVE-2024-31848-PoC
Associated Vulnerability
Title:CData API Server 安全漏洞 (CVE-2024-31848)
Description:A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
Description
PoC for Exploiting CVE-2024-31848/49/50/51 - File Path Traversal
Readme
# Exploiting CData within Jetty servers - CVE-2024-31848/49/50/51 - File Path Traversal & File Read

## What it is

A prototype PoC for the automation of vulnerability analysis on targets running CData applications on an embedded Jetty server.

## Usage 

Just use `-u` or `--url` to specify your target, the script will attempt to retrieve the `getSettings.rsb?` file, present within all CData instances.

## Example

![image](https://github.com/Stuub/CVE-2024-31848-PoC/assets/60468836/778ad753-0abb-45e6-b157-bde723839067)


## Notes

More error handling to be added in future

## Disclaimer

Please use responsibly, exploitability is extremely high with this vulnerability. Only test within your own authorised limitations.
File Snapshot

 [4.0K]  /data/pocs/50013e6c1cf227616e21b683abf11eeb8b35f9be
├── [3.0K]  CVE-2024-31848.py
└── [ 728]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →