POC details: 373f6390a7e0c6a775cf4a0438368aeb3c6145d8

Source
Related vulnerability
Title: Cfx.re FXServer security vulnerability (CVE-2024-46310)
Description: Cfx.re FXServer is a platform server from Cfx.re. Cfx.re FXServer v9601 and earlier versions contain a security vulnerability caused by incorrect access control, which allows unauthenticated users to modify and read arbitrary user data through a publicly exposed API endpoint.
Description
POC for CVE-2024-46310 for FXServer versions v9601 and prior. Incorrect Access Control in FXServer versions v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read user data via an exposed API endpoint.
Introduction
# CVE-2024-46310
POC for CVE-2024-46310 for FXServer versions v9601 and prior.

Incorrect Access Control in FXServer versions v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read user data via an exposed API endpoint.

## How to use the script

1. Navigate to [servers.fivem.net](https://servers.fivem.net).
2. Pick a server.
3. Copy the join code.
4. Enter it into the script provided in this repository.

Using this exposed API endpoint we can obtain the IP address associated with the server as well as user data. However, closing this endpoint will not fix the underlying issue: every server running FXServer v9601 or earlier has an exposed `/players.json` file that unauthenticated users can view and push changes to.

## Example of data unauthenticated users can obtain

    {
      "endpoint": "127.0.0.1",   // always 127.0.0.1
      "id": 328,                 // in-game session ID
      "identifiers": [
        "steam:",                // Steam ID of the user
        "license:",              // FiveM licence key
        "xbl:",                  // Xbox Live ID
        "live:",                 // Xbox Live ID
        "discord:",              // Discord user ID
        "fivem:",                // FiveM user ID
        "license2:"              // FiveM licence key
      ],
      "name": "Example",         // FiveM username of the player
      "ping": 96                 // current ping of the player
    }

## Official public response from CFX.re after the issue was disclosed to them

"To improve player safety, we are also going to deprecate player identifiers from being publicly accessible on servers' `players.json` endpoint as well as from our server list backend in the coming weeks.

Server owners who want to retain identifiers on their `players.json` for backward-compatibility will be able to use the `sv_exposePlayerIdentifiersInHttpEndpoint` ConVar, but we will implement a safer alternative later this year, allowing for a security string to be passed when querying `players.json`." - CFX.re

https://forum.cfx.re/t/celebrating-one-year-with-rockstar-games/
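For a server owner who wants to confirm that the identifier leak described above is closed on their own server, the following added example (not code from this repository, and not CFX.re's own tooling) parses a `players.json` body in the shape shown on this page and reports which identifier types still carry values. It also checks a `server.cfg` for the `sv_exposePlayerIdentifiersInHttpEndpoint` ConVar quoted in the CFX.re response; the `set <convar> <value>` line syntax and the true/false semantics (true meaning identifiers are exposed) are assumptions to verify against your FXServer version's documentation. The sample body and config below are constructed placeholders, not real identifiers.

```python
import json
import re
from typing import Optional

# Constructed sample players.json body (placeholder values, not real identifiers).
SAMPLE_PLAYERS_JSON = json.dumps([
    {
        "endpoint": "127.0.0.1",
        "id": 328,
        "identifiers": [
            "steam:110000100000000",
            "license:0000000000000000000000000000000000000000",
            "discord:000000000000000000",
            "fivem:000000",
            "license2:0000000000000000000000000000000000000000",
        ],
        "name": "Example",
        "ping": 96,
    },
    {
        # A player entry as it would look once identifiers are no longer served.
        "endpoint": "127.0.0.1",
        "id": 12,
        "identifiers": [],
        "name": "Hardened",
        "ping": 40,
    },
])

# Identifier prefixes the page lists as exposed through players.json.
SENSITIVE_PREFIXES = ("steam", "license", "xbl", "live", "discord", "fivem", "license2")


def audit_players_json(body: str) -> dict:
    """Parse a players.json body and report which identifier types carry values.

    Returns per-player findings plus an overall 'exposed' flag that is True
    when any listed player still has a populated sensitive identifier.
    """
    players = json.loads(body)
    if not isinstance(players, list):
        raise ValueError("players.json should be a JSON array of player objects")
    findings = []
    for player in players:
        leaked = set()
        for ident in player.get("identifiers", []):
            if ":" not in ident:
                continue
            prefix, value = ident.split(":", 1)
            # A bare prefix such as "steam:" carries nothing; only a value is a leak.
            if prefix in SENSITIVE_PREFIXES and value:
                leaked.add(prefix)
        findings.append({
            "id": player.get("id"),
            "name": player.get("name"),
            "exposed_types": sorted(leaked),
        })
    return {
        "player_count": len(findings),
        "exposed": any(f["exposed_types"] for f in findings),
        "players": findings,
    }


# Assumed server.cfg syntax: "set <convar> <value>" (also accepts setr/sets).
CONVAR = "sv_exposePlayerIdentifiersInHttpEndpoint"
CONVAR_RE = re.compile(
    r"^\s*set[rs]?\s+" + CONVAR + r"\s+\"?(\w+)\"?", re.IGNORECASE | re.MULTILINE
)


def convar_exposes_identifiers(server_cfg: str) -> Optional[bool]:
    """True if the cfg explicitly turns identifier exposure on, False if it turns
    it off, None if the ConVar is not set (the build's default then applies)."""
    match = CONVAR_RE.search(server_cfg)
    if match is None:
        return None
    return match.group(1).lower() in ("true", "1")


if __name__ == "__main__":
    report = audit_players_json(SAMPLE_PLAYERS_JSON)
    print(json.dumps(report, indent=2))
    # Constructed server.cfg fragment (assumed syntax).
    print(convar_exposes_identifiers("set sv_exposePlayerIdentifiersInHttpEndpoint false\n"))
```

To audit a live server, feed `audit_players_json` the body you fetch from your own server's `/players.json` and treat `exposed == True` as a finding until the identifiers are gone; an explicit `true` from `convar_exposes_identifiers` means the backward-compatibility ConVar is keeping them on.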
File snapshot

    /data/pocs/373f6390a7e0c6a775cf4a0438368aeb3c6145d8  [4.0K]
    ├── CVE-2024-46310.py  [1.5K]
    └── README.md  [1.9K]

    0 directories, 2 files