漏洞平台

POC详情： de2d9f5a4aa70407f7cab3190fca89db082faa16

来源

https://github.com/soltanali0/CVE-2024-40725

关联漏洞

标题： Apache HTTP Server 安全漏洞 (CVE-2024-40725)
描述：Apache HTTP Server是美国阿帕奇（Apache）基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.62之前版本存在安全漏洞，该漏洞源于AddType和类似配置会导致本地内容的源代码泄露。

描述

exploit CVE-2024-40725 (Apache httpd) with

介绍

# HTTP Request Smuggling Detection Tool

This repository contains a Python-based tool to detect HTTP Request Smuggling vulnerabilities, specifically targeting `CVE-2024-40725`. The tool attempts to exploit this vulnerability in Apache HTTP Server by sending crafted HTTP requests and analyzing the server's responses. The primary goal is to identify discrepancies in status codes or access behavior, such as bypassing restrictions on specific paths.

## Features

- Detect HTTP Request Smuggling vulnerabilities.
- Supports single URL testing and batch testing using a list of URLs.
- Allows custom wordlists for testing various endpoint paths.
- Stores output results in a log file for further analysis.
- Identifies cases where status codes differ before and after smuggling attempts (e.g., `403` → `200`).

## Requirements

- Python 3.7+
- `requests` library

Install the required library using pip:

```bash
pip install requests
```

## Usage

### Single URL

Run the tool for a single URL:

```bash
python detect_http_smuggling.py -u https://example.com -w wordlist.txt -o output.log
```

### Batch URL Testing

Test multiple URLs from a file:

```bash
python detect_http_smuggling.py -l urls.txt -w wordlist.txt -o output.log
```

### Parameters

| Parameter | Description                              |
|-----------|------------------------------------------|
| `-u`      | Target URL for testing                  |
| `-l`      | File containing a list of target URLs   |
| `-w`      | Custom wordlist for endpoint fuzzing    |
| `-o`      | Output file for saving results          |

## Example Output

```text
Target: https://example.com
Status Change Detected:
  /admin 403 ---> /admin 200

Target: https://anotherexample.com
No vulnerability was detected.
```

## Credits

This tool was inspired by the work found in the following repository:

[https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898/blob/ALOK/CVE-2024-40725.py#L21](https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898/blob/ALOK/CVE-2024-40725.py#L21)

## Disclaimer

This tool is intended for educational purposes and authorized security testing only. Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical. Use responsibly.

文件快照


 [4.0K]  /data/pocs/de2d9f5a4aa70407f7cab3190fca89db082faa16
├── [4.9K]  detect_smuggling.py
└── [2.2K]  README.md

0 directories, 2 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。