CVE-2024-34470

The repository contains functional exploit code for CVE-2024-34470, a path traversal vulnerability in HSC MailInspector up to version 5.2.18. The exploit leverages the 'path' parameter in /public/loader.php to read arbitrary files, demonstrated by fetching /etc/passwd.

The repository contains a Python script that scans for CVE-2024-34470, a path traversal vulnerability in HSC Mailinspector. It checks for the presence of '/etc/passwd' via a crafted request to '/public/loader.php' but does not include exploit code for command injection or further exploitation.

The repository contains a functional exploit tool for CVE-2024-34470, an unauthenticated path traversal vulnerability in HSC Mailinspector. The tool sends crafted HTTP requests to retrieve sensitive files (e.g., /etc/passwd) and supports asynchronous scanning with threading and proxy options.

This repository contains a scanner for CVE-2024-34470, a Local File Inclusion (LFI) vulnerability in HSC Mailinspector. It checks for vulnerable endpoints by sending crafted requests and verifying responses for the presence of '/etc/passwd' content.

This repository provides a functional proof-of-concept for CVE-2024-34470, demonstrating a path traversal vulnerability in HSC Mailinspector's `/public/loader.php` file. The exploit allows unauthenticated users to read arbitrary files on the server by manipulating the `path` parameter.