CVE-2020-24815 PoC — Microstrategy 代码问题漏洞

Source

https://github.com/darkvirus-7x/exploit-CVE-2020-24815

Associated Vulnerability

Title:Microstrategy 代码问题漏洞 (CVE-2020-24815)
Description:A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.

Readme

# exploit-CVE-2020-24815.py
this is my first exploit for CVE-2020-24815



<img width="450px" alt="Screenshot 2023-03-18 225341" src="https://user-images.githubusercontent.com/111196316/226142334-ded6f12f-5ac6-4fa0-bc3e-f4acd8752aca.png">

<div style="font-weight:700">put the POST path after url !!!!<br>Example:<br><img src="https://user-images.githubusercontent.com/111196316/226142885-244a3b8a-75b5-447f-b655-a33bf935b41d.png">
</div>

if the script not work change the cookie on script
```bash
  $ -> pip install -r requirements.txt
```
fix probleme pdftotext not installed:
``` 
  $ -> sudo apt-get install build-essential libpoppler-cpp-dev pkg-config python3-dev
 ```

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →