Skip to content

This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration issues.

Notifications You must be signed in to change notification settings

D3N14LD15K/CVE-2024-11680_PoC_Exploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 

Repository files navigation

CVE-2024-11680 PoC Exploit

This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration issues.

alt text


Features

  • Exploits CSRF to modify the application title. This is the vulnerability confirmation.
  • Enables insecure options (client registration, auto-approval, and file uploads).
  • Registers a new user to demonstrate privilege misconfiguration issues.
  • Automatically restores the original application title after testing.

Usage

Prerequisites

  1. A valid target running r1605 or earlier of ProjectSend.
  2. curl: This script uses curl to send HTTP requests. You can check if curl is installed by running:

bash command -v curl

If it's not installed, you can install it using your package manager. For example, on Ubuntu:

sudo apt-get install curl

Running the Exploit

  1. Clone this repository or download the script.
  2. Run the exploit using the following syntax: ./exploit -u TARGET_URL
  3. Check the output for the generated username and password for the registered user.

Disclaimer

This exploit is intended for ethical testing within authorized environments, such as responsible disclosure programs or Vulnerability Disclosure Programs (VDPs). The authors are not responsible for misuse or unauthorized actions taken using this script.


Author

D3N14LD15K

  • d3n14ld15k[at]bugcrowdninja[dot]com

About

This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration issues.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages