POC详情: 68e3f51084ed8c60f2b979a14396b2aed9ed3974

来源
https://github.com/walidpyh/CVE-2024-0406-POC
关联漏洞
标题: archiver 路径遍历漏洞 (CVE-2024-0406)
描述:archiver是一款压缩/解压缩实用程序。 archiver存在路径遍历漏洞。攻击者利用该漏洞创建特制的 tar 文件,该文件解压后可能允许访问受限制的文件或目录。
描述
CVE-2024-0406 POC using symlinks
介绍
# CVE-2024-0406 Proof of Concept (PoC)

This repository contains a Proof of Concept (PoC) exploit for **CVE-2024-0406**, a vulnerability involving symlink-based tar archive extraction that allows for path traversal or file overwriting in affected systems.

More Details at [Path Traversal in mholt/archiver](https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVER-6227929)

## Vulnerability Details
- CVE ID: CVE-2024-0406
- Description: A flaw in tar archive extraction libraries or applications that fail to sanitize symlinks, enabling attackers to overwrite arbitrary files via path traversal when a crafted archive is extracted.
- Affected Systems: Applications using libraries like `mholt/archiver/v3` 3.5.0 and prior.
- Impact: Arbitrary file overwrite, potentially leading to privilege escalation or unauthorized access.

**⚠️ Disclaimer**: This PoC is for educational and security research purposes only. Use it only in environments where you have explicit permission to test. Unauthorized use may violate laws or terms of service.
文件快照

 [4.0K]  /data/pocs/68e3f51084ed8c60f2b979a14396b2aed9ed3974
├── [1.0K]  README.md
└── [3.8K]  script.py

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。