POC详情: 72f7fcadcbb61e0cf40d2b0234a47a0fd60687f9

来源
https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488
关联漏洞
标题: Code-Projects Online Car Rental System 安全漏洞 (CVE-2024-57487)
描述:Code-Projects Online Car Rental System是Code-Projects开源的一个汽车租赁系统。 Code-Projects Online Car Rental System 1.0版本存在安全漏洞,该漏洞源于文件上传功能未对文件扩展名或MIME类型进行验证,导致攻击者能够不受限制地上传PHP shell并在服务器上执行命令。
描述
POC of CVE-2024-57487 & CVE-2024-57488
介绍
# Online Car Rental System Vulnerabilities

This repository contains details about the vulnerabilities identified in Code-Projects **Online Car Rental System** project Version 1.0. The vulnerabilities have been assigned CVEs and include comprehensive writeups to assist in understanding and mitigating the issues.

## Vulnerabilities

1. **Remote Code Execution (Authenticated) via File Upload**  
   - **CVE-ID:** CVE-2024-57487
   - **Description:** This vulnerability allows authenticated attackers to upload malicious PHP files, enabling remote command execution on the server.  
   - [View the full writeup here](https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488/blob/main/CVE-2024-57487.md)
  
2. **Stored XSS (Authenticated) in edit-vehicle.php**  
   - **CVE-ID:** CVE-2024-57488
   - **Description:** This vulnerability allows authenticated attackers to inject malicious JavaScript payloads that persist in the system and execute whenever the impacted page is viewed.  
   - [View the full writeup here](https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488/blob/main/CVE-2024-57488.md)



## Disclaimer
These vulnerabilities have been responsibly disclosed to the project maintainers.

## Acknowledgments
- Researcher: Aaryan Golatkar
文件快照

 [4.0K]  /data/pocs/72f7fcadcbb61e0cf40d2b0234a47a0fd60687f9
├── [1.7K]  CVE-2024-57487.md
├── [1.4K]  CVE-2024-57488.md
├── [ 11K]  LICENSE
└── [1.2K]  README.md

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。