CVE-2021-30190 PoC — CODESYS V2 Web-Server 访问控制错误漏洞

Source

Associated Vulnerability

Title:CODESYS V2 Web-Server 访问控制错误漏洞 (CVE-2021-30190)
Description:3S-Smart Software Solutions CODESYS V2 Web-Server是德国3S-Smart Software Solutions公司的一个应用程序。一个web服务器。 CODESYS V2 Web-Server 1.1.9.20之前版本存在安全漏洞，该漏洞源于不正确的访问控制。CODESYS的用户管理允许用户依赖于对可视化页面的访问控制。但是，不管身份验证是否成功，读取或写入值的下级请求都被转发到CODESYS Control系统运行。攻击者可以通过精心制作的web服务器请求

Description

Remote Access Shell for Windows (based on cve-2021-30190)

Readme

<div align="center">

# Follina (PATCHED)
### Remote Access Shell for Windows (based on cve-2022-30190)
###### ⚠️ Made for Educational purposes only 📚

</div>

## Installation & Usage 🛠️
```bash
$ git clone https://github.com/AbdulRKB/Follina.git
$ cd Follina
$ pip install -r requirements.txt
$ python main.py

File Snapshot


 [4.0K]  /data/pocs/23a66e6dee0ce73ed703fd3589777c3507cc7589
├── [4.0K]  _document
│   ├── [1.3K]  [Content_Types].xml
│   ├── [4.0K]  docProps
│   │   ├── [ 703]  app.xml
│   │   └── [ 734]  core.xml
│   ├── [4.0K]  _rels
│   └── [4.0K]  word
│       ├── [3.8K]  document.xml
│       ├── [1.5K]  fontTable.xml
│       ├── [4.0K]  _rels
│       │   └── [ 973]  document.xml.rels
│       ├── [2.9K]  settings.xml
│       ├── [ 29K]  styles.xml
│       ├── [4.0K]  theme
│       │   └── [6.6K]  theme1.xml
│       └── [ 802]  webSettings.xml
├── [4.0K]  io
│   └── [   1]  _
├── [2.4K]  main.py
├── [ 44K]  nc64.exe
├── [ 323]  README.md
└── [  18]  requirements.txt

7 directories, 15 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!