Introduction
# CVE-2024-53617: Stored XSS in LibrePhotos before version 2024w47
LibrePhotos before version 2024w47 has a stored XSS (cross-site scripting) vulnerability that allows attackers to take over any account by uploading an HTML file on behalf of the admin user, using an IDOR in file upload.
References:
- https://github.com/LibrePhotos/librephotos/pull/1476
- https://github.com/LibrePhotos/librephotos/commit/32237ddc0b6293a69b983a07b5ad462fcdd6c929
File snapshot
[4.0K] /data/pocs/ab417eb201766e32a46d114a45c866134034c4e4
├── [ 70] exploit.rwz
├── [1.2K] poc.py
└── [ 426] README.md
0 directories, 3 files