CVE-2024-5084
PoC link: https://github.com/WOOOOONG/CVE-2024-5084/blob/main/CVE-2024-5084_exploit.py
I used the PoC in the link. Instead of getting a reverse shell with PHP as in the PoC, I upload a simple text file and check it. Then I check the uploaded file with matchers. I do not infect the system with a possible malicious shell.
Burp
get nonce
upload txt file
check txt file
Template Validation
I've validated this template locally?
Additional Details (leave it blank if not applicable)
Additional References: