Related vulnerabilities
Description
This Proof of Concept (PoC) demonstrates the exploitation of the CVE-2024-4367 vulnerability, which involves Cross-Site Scripting (XSS) attacks.
Introduction
# CVE-2024-4367-PoC
# Features
This PoC collects and displays the following types of information:
## 1. General Information:
- Domain
- Title
- Current URL
- Referrer URL
- Cookies associated with the domain
## 2. Browser Environment Information:
- LocalStorage and SessionStorage data
- User Agent
- Screen resolution
- Platform (Operating System)
## 3. Web Features:
- Cookies enabled/disabled
- Do Not Track status
- Max touch points (e.g., for mobile devices)
- Connection type (e.g., 4G, WiFi)
- Battery level (if available)
## 4. Screen Information:
- Screen resolution
- Color depth
- Available width and height
- Orientation of the screen
## 5. Geolocation and Performance:
- Geolocation availability
- Device memory (if available)
- Hardware concurrency (number of processor cores)
## 6. WebRTC and Plugins:
- Detection of WebRTC IP leakage
- Installed browser plugins
- Available languages for the browser
# Sample of PoC

File snapshot
[4.0K] /data/pocs/2351975b91389c82c357b979234464de8c28bceb
├── [3.7K] CVE-2024-4367-PoC.pdf
├── [1.0K] LICENSE
├── [1.6K] README.md
└── [4.0K] sample
    ├── [ 28K] poc-1.png
    ├── [ 35K] poc-2.png
    ├── [ 16K] poc-3.png
    ├── [ 16K] poc-4.png
    ├── [ 11K] poc-5.png
    ├── [ 11K] poc-6.png
    └── [ 28] test
1 directory, 10 files
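Notes
1. Accessing the PoC through its original source is recommended.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you. To support long-term maintenance, please consider paying for the local PoC. Thank you for your support.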