CVE-2024-35538 PoC — typecho 安全漏洞

Source

https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities

Associated Vulnerability

Title:typecho 安全漏洞 (CVE-2024-35538)
Description:Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

Description

Exploits for Typecho CVE-2024-35538, CVE-2024-35539 and CVE-2024-35540

Readme

# Typecho Multiple Vulnerabilities
This repository contains the exploits of the following vulnerabilities:
* **CVE-2024-35538:** In Typecho v1.3.0 there is a Client IP Spoofing vulnerability, which allows malicious actors to falsify their IP addresses by specifying an arbitrary IP as value of "X-Forwarded-For" or "Client-Ip" headers while performing HTTP requests.
* **CVE-2024-35539:** In Typecho v1.3.0 there is a Race Condition vulnerability in the post commenting functionality, which allows an attacker to post several comments before the spam protection checks if the comments are posted too frequently.
* **CVE-2024-35540:** In Typecho v1.3.0 there is a Stored Cross-Site Scripting vulnerability in the post writing functionality, which allows an attacker with post writing privileges to inject arbitrary JavaScript code inside the preview of a post.

File Snapshot


 [4.0K]  /data/pocs/89f20b47cdea8f6c4295445067c29defb950ea5a
├── [4.5K]  CVE-2024-35538.go
├── [4.6K]  CVE-2024-35539.go
├── [6.8K]  CVE-2024-35540.go
├── [ 34K]  LICENSE
└── [ 860]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!