POC详情: 6fe1319c10a414fe0e43353b36c4b89b187d27e4

来源
https://github.com/l20170217b/CVE-2024-51747
关联漏洞
标题: Kanboard 安全漏洞 (CVE-2024-51747)
描述:Kanboard是Kanboard开源的一套开源的可视化任务板软件。该软件能够根据业务定制面板。 Kanboard 1.2.42之前版本存在安全漏洞,该漏洞源于经过身份验证的管理员可以从服务器读取和删除任意文件。
介绍
# CVE-2024-51747
Log in with an administrator account and download the database in the system settings
![2024-11-15_114806](https://github.com/user-attachments/assets/05843939-b0eb-45b0-9c7a-e5fba955c9f4)

Modify project_has_files in the sqlite.db database
![2024-11-15_115438](https://github.com/user-attachments/assets/aa7f2fd1-464f-418e-a50b-84cb9935566b)

Compress the modified sqlite.db with gzip and upload it. After uploading it to the project and clicking the file to view/download, the attacker can read and delete any file from the server.
![2024-11-15_115652](https://github.com/user-attachments/assets/c04a30af-7140-4193-a527-21d7d2691df4)
文件快照

 [4.0K]  /data/pocs/6fe1319c10a414fe0e43353b36c4b89b187d27e4
└── [ 652]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。