Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-36356 PoC — Kramer Electronics VIAware 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-36356.yaml
Associated Vulnerability
Title:Kramer Electronics VIAware 代码问题漏洞 (CVE-2021-36356)
Description:Kramer Electronics VIAware是以色列克莱默电子(Kramer Electronics)公司的一套无线演示协作软件解决方案。 Kramer Electronics VIAware 存在代码问题漏洞,该漏洞源于 KRAMER VIAware 允许远程攻击者执行任意代码,因为 ajaxPages/writeBrowseFilePathAjax.php 接受任意可执行路径名(即使 browseSystemFiles.php 不再可通过 GUI 访问)。
Description
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames.
File Snapshot

 id: CVE-2021-36356

info:
  name: Kramer VIAware - Remote Code Execution
  author: gy741
  severity:

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.