
Unauthenticated Remote Code Execution via Angular-Base64-Upload Library (npm:bower)

KTN1990/CVE-2024-42640

CVE-2024-42640 Unauthenticated Remote Code Execution via Angular-Base64-Upload Library

CVE-2024-42640 Angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the angular-base64-upload/demo/server.php endpoint. Exploiting this vulnerability allows an attacker to upload arbitrary file content to the server, which can subsequently be accessed through the angular-base64-upload/demo/uploads endpoint. This leads to the execution of previously uploaded content and ultimately enables the attacker to achieve code execution on the server.
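A defensive check for the condition described above, as an added example that is not part of this repository: it walks a web root, finds installed copies of angular-base64-upload, and reports whether each one is older than v0.1.21, still ships demo/server.php, and has files sitting in demo/uploads. The manifest file names it reads (package.json, bower.json, .bower.json) and the result keys are assumptions of this example.

```python
"""Audit a web root for exposed angular-base64-upload copies (added example)."""
import json
import os
import sys

PACKAGE = "angular-base64-upload"
FIXED = (0, 1, 21)  # per the advisory text: versions prior to v0.1.21 are affected
MANIFESTS = ("package.json", "bower.json", ".bower.json")  # assumed manifest names


def parse_version(text):
    """'0.1.20' or 'v0.1.20' -> (0, 1, 20); None when it cannot be parsed."""
    try:
        return tuple(int(p) for p in text.strip().lstrip("v").split(".")[:3])
    except (AttributeError, ValueError):
        return None


def read_version(pkg_dir):
    """Return the first parseable version found in the package's manifests."""
    for name in MANIFESTS:
        try:
            with open(os.path.join(pkg_dir, name), encoding="utf-8") as fh:
                version = parse_version(json.load(fh).get("version"))
        except (OSError, ValueError, AttributeError):
            continue
        if version:
            return version
    return None


def audit(root):
    """Report each installed copy, its version and what its demo/ exposes."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if os.path.basename(dirpath) != PACKAGE:
            continue
        dirnames[:] = []  # nothing further to inspect below the package itself
        version = read_version(dirpath)
        uploads = os.path.join(dirpath, "demo", "uploads")
        findings.append({
            "path": dirpath,
            "version": version,
            "outdated": version is None or version < FIXED,  # unknown = suspect
            "demo_endpoint": os.path.isfile(os.path.join(dirpath, "demo", "server.php")),
            "uploaded": sorted(os.listdir(uploads)) if os.path.isdir(uploads) else [],
        })
    return findings


if __name__ == "__main__":
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(json.dumps(f))
```

Any copy reported with `demo_endpoint` true under a served directory should have its demo/ folder removed or blocked at the web server, and anything listed in `uploaded` should be reviewed.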

Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload

Software Link: https://github.com/adonespitogo/angular-base64-upload

Credit: https://github.com/rvizx/CVE-2024-42640

For more exploits and exclusive ones contact me on telegram @KtN1990.

Usage

To run this exploit you need Python 3 and a list of websites, then execute:

  python3 exploit.py -l list.txt -t 100

Contact

More Exploits, Check Megatron!

  • Provides an easy and efficient way to assess and exploit WordPress security holes for mass purposes.
  • 160+ Exploits, all types (RCE, LOOTS, AUTHBYPASS...).
  • Customizable config.
  • Monthly Free updates including more code optimization, fixing bugs, adding more exploits plus 0days.
  • Strong code base and custom threading and process model using a tasks management feature, getting reliable results is assured; no need to talk about speed since at KTN we use unconventional methods for concurrency.
  • Telegram Channel

License

MIT
