Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-31793 PoC — muhttpd 路径遍历漏洞

Source
https://github.com/xpgdgit/CVE-2022-31793
Associated Vulnerability
Title:muhttpd 路径遍历漏洞 (CVE-2022-31793)
Description:do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
Readme
# CVE-2022-31793

-u 指定IP  -l 指定ip文件 -v 验证模式 -f 指定读取文件

python poc.py -u ip -v

python poc.py -l url.txt -v

python poc.py -u ip -f /etc/hosts

python poc.py -l url.txt -f /etc/hosts
File Snapshot

 [4.0K]  /data/pocs/8d1eb20552cd9e1e2e899b7f2b6fbed3abf9bb64
├── [3.7K]  POC.py
├── [ 215]  README.md
└── [  27]  url.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →