关联漏洞
描述
Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability
介绍
# CVE-2019-19919
Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability
pip install requests packaging
python handlebars_scanner.py
---------------------------------------
pip install requests
python handlebars_exploit.py
Enter the target URL:
Exploit Expected Output :
Enter the target URL (e.g., http://example.com/render): http://example.com/render
Enter the OS command to execute: ls
[+] Sending exploit payload to http://example.com/render...
[+] Payload executed successfully.
[+] Response:
file1.txt
file2.txt
文件快照
[4.0K] /data/pocs/d5dc6157d124eb23eea33b8635e134e35632e29a
├── [1.3K] handlebars_exploit.py
├── [2.5K] handlebars_scanner.py
└── [ 599] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。