CVE-2024-40324 PoC: E-Staff security vulnerability

Source
Associated Vulnerability
Title: E-Staff security vulnerability (CVE-2024-40324)
Description: A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.
Readme
# CVE-2024-40324

## Description

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.

## Vulnerability Type

CRLF

## Vendor of Product

E-Staff

## Affected Product Code Base

E-Staff 5.1 

## Affected Component

HTTP headers

## Attack Type

Remote

## Impact Code execution

Potential for arbitrary header injection, cache poisoning, session hijacking, cross-site scripting (XSS), and other exploits.

## Discoverer

- Aleksey Vistorobskiy

## Attack Vectors

An attacker can insert CRLF characters into input fields to manipulate HTTP headers. For example, injecting CRLF into HTTP headers can result in HTTP response splitting.


Screenshot:
![](/1.png)
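The header-splitting mechanism described above, shown next to the server-side check that stops it. This is an added example, not code from E-Staff or from the referenced repository; the function names, the `Location` header as the sink, and the sample inputs are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# CR, LF and NUL are invalid in HTTP field values (RFC 9110, section 5.5).
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_response_unsafe(location: str) -> bytes:
    """Vulnerable pattern: user input is concatenated straight into a header."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_response_safe(location: str) -> bytes:
    """Hardened pattern: reject the value before it is serialized."""
    if _FORBIDDEN.search(location):
        raise ValueError("control character in header value")
    return build_response_unsafe(location)


def header_names(raw: bytes) -> list[str]:
    """Header names a client would parse from the response's header block."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def has_crlf(raw_param: str) -> bool:
    """Detection helper: does a still percent-encoded parameter decode to CR/LF/NUL?"""
    return bool(_FORBIDDEN.search(unquote(raw_param)))


# Constructed sample inputs (hypothetical, not taken from the advisory).
BENIGN = "/home"
TAINTED = "/home\r\nX-Injected: 1"

if __name__ == "__main__":
    print(header_names(build_response_unsafe(BENIGN)))   # two headers, as intended
    print(header_names(build_response_unsafe(TAINTED)))  # an extra header appears
    try:
        build_response_safe(TAINTED)
    except ValueError as exc:
        print("rejected:", exc)
    print(has_crlf("/home%0d%0aX-Injected:%201"))
```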

## Reference

- https://e-staff.ru/estaff_home
- https://github.com/aleksey-vi/CVE-2024-40324
File Snapshot

[4.0K] /data/pocs/d66f08b51a55f60b8924fa23a3f8ab602366b953
├── [ 99K] 1.png
└── [ 911] README.md

0 directories, 2 files