Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-3007 PoC — 多款产品代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-3007.yaml
Associated Vulnerability
Title:多款产品代码问题漏洞 (CVE-2021-3007)
Description:ZEND Zend Framework是美国ZEND公司的一套开源的PHP开发框架,它主要用于开发Web程序和服务。Laminas Project laminas-http是Laminas Project的一个 HTTP 消息和标头抽象,以及 HTTP 客户端实现。 Laminas Project laminas-http 2.14.2 之前版本和Zend Framework 3.0.0版本存在代码问题漏洞,该漏洞源于有一个反序列化漏洞,攻击者可利用该漏洞远程代码执行。
Description
Laminas Project laminas-http < 2.14.2 and Zend Framework 3.0.0 contain a deserialization vulnerability caused by __destruct method in Zend\\Http\\Response\\Stream, letting attackers control content lead to remote code execution, exploit requires attacker-controlled serialized data.
File Snapshot

 id: CVE-2021-3007

info:
  name: Laminas Project laminas-http - Remote Code Execution
  author: 0xan

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.