CVE-2021-46703 PoC — Antaris RazorEngine 安全漏洞

Source

https://github.com/BenEdridge/CVE-2021-46703

Associated Vulnerability

Title:Antaris RazorEngine 安全漏洞 (CVE-2021-46703)
Description:Antaris RazorEngine是英国Matthew Abbott个人开发者的一个基于微软 Razor 解析引擎的开源模板引擎。 Antaris RazorEngine 4.5.1-alpha001版本及之前版本的 IsolatedRazorEngine 存在安全漏洞，攻击者可利用该漏洞可以在沙箱环境中执行任意.NET代码（如果用户可以从外部控制模板内容）。注意:此漏洞只影响维护人员不再支持的产品。

Description

Simple payload builder

Readme

# CVE-2021-46703
Simple payload builder based on POC in: https://github.com/Antaris/RazorEngine/issues/585

## Usage

### C#
```bash
dotnet build --configuration Release
.\bin\Release\net4.8\Poc.exe "System.IO.File.WriteAllText(\"rce.txt\", \"Hello World\");"
```
### Python
```bash
./poc.py "System.IO.File.WriteAllText(\"rce.txt\", \"Hello World\");"
```

## Acknowledgements
- https://www.yielddd.com/about-us/discovery-of-a-critical-open-source-vulnerability-cve-2021-46703

File Snapshot


 [4.0K]  /data/pocs/0ba4d7fca1c84d572428b835c670118d484150ef
├── [1.0K]  LICENSE
├── [ 331]  Poc.csproj
├── [1.3K]  poc.py
├── [1.2K]  Poc.sln
├── [4.3K]  Program.cs
└── [ 478]  README.md

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!