POC详情: cc8b9f633a090b4a9619fbad391246152c967031

来源
https://github.com/KTN1990/CVE-2024-42640
关联漏洞
标题: angular-base64-upload 安全漏洞 (CVE-2024-42640)
描述:angular-base64-upload是Adones Pitogo个人开发者的一个库。 angular-base64-upload 0.1.21之前版本存在安全漏洞,该漏洞源于容易受到通过 demo/server.php 进行的未经身份验证的远程代码执行攻击。
描述
Unauthenticated Remote Code Execution via Angular-Base64-Upload Library (npm:bower)
介绍
# CVE-2024-42640 Unauthenticated Remote Code Execution via Angular-Base64-Upload Library

[CVE-2024-42640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42640) Angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the angular-base64-upload/demo/server.php endpoint. Exploiting this vulnerability allows an attacker to upload arbitrary file content to the server, which can subsequently be accessed through the angular-base64-upload/demo/uploads endpoint. This lead to the execution of previously uploaded content and ultimately enable the attacker to achieve code execution on the server.

Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload

Software Link: https://github.com/adonespitogo/angular-base64-upload

Credit: https://github.com/rvizx/CVE-2024-42640

For more exploits and exclusive ones contact me on telegram [@KtN1990](https://t.me/KtN1990).

## Usage

To run this exploit you need to have python 3 and websites list then execute

```bash
  python3 exploit.py -l list.txt -t 100
```

## Contact

- [@KtN1990](https://t.me/KtN1990)
  
## More Exploits, Check Megatron!

![Logo](https://raw.githubusercontent.com/KTN1990/CVE-2022-0316_wordpress_multiple_themes_exploit/main/files/megatron.jpg)


- Provides an easy and efficient way to assess and exploit Wordpress security holes for mass purposes.
- 160+ Exploits, all types (RCE, LOOTS, AUTHBYPASS...).
- Customizable config.
- Monthly Free updates including more code opitmization, fixing bugs, adding more exploits plus 0days.
- Strong code base and custom threading and process model using a tasks management feature, getting reliable results is assured; no need to talk about speed since at KTN we use unconventional methods for concurrency.
- [Telegram Channel](https://t.me/megatron_ktn)



## Demo

[![IMAGE ALT TEXT HERE](https://i.ytimg.com/vi_webp/irrh91Iaz7c/mqdefault.webp)](https://www.youtube.com/watch?v=irrh91Iaz7c)

## License

[MIT](https://choosealicense.com/licenses/mit/)
文件快照

 [4.0K]  /data/pocs/cc8b9f633a090b4a9619fbad391246152c967031
├── [ 11K]  LICENSE
└── [2.0K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。