POC详情: 02344e573422ceafcc99cdee22db2336ad216272

来源
https://github.com/rxerium/CVE-2022-24086
关联漏洞
标题: Adobe Magento 输入验证错误漏洞 (CVE-2022-24086)
描述:Adobe Magento是美国奥多比(Adobe)公司的一套开源的PHP电子商务系统。该系统提供权限管理、搜索引擎和支付网关等功能。 Adobe Magento 存在输入验证错误漏洞,该漏洞源于输入验证不当。攻击者可利用该漏洞向应用程序发送专门设计的请求,并在目标系统上执行任意代码。
描述
An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
介绍
# CVE-2022-24682 PoC

 ## How does this detection method work?

As stated on the advisories versions 8.8.x before 8.8.15 patch 30 (update 1) are vulnerable to attacks, the template looks at the following versions:

```
          - "8.8"
          - "8.8.6"
          - "8.8.7"
          - "8.8.8"
          - "8.8.9"
          - "8.8.10"
          - "8.8.11"
          - "8.8.12"
          - "8.8.15"
```

 ## How do I run this script?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml` 

## References

- https://nvd.nist.gov/vuln/detail/CVE-2022-24682
- https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/


## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
文件快照

 [4.0K]  /data/pocs/02344e573422ceafcc99cdee22db2336ad216272
├── [ 972]  README.md
└── [1.4K]  template.yaml

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。