Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-40870 PoC — Aviatrix Controller 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-40870.yaml
Associated Vulnerability
Title:Aviatrix Controller 代码问题漏洞 (CVE-2021-40870)
Description:Aviatrix Controller是Aviatrix公司的一个应用软件。用云提供商的API来扩展和控制本机结构,从而扩展其功能并将其集成到软件中。 Aviatrix Controller存在安全漏洞,该漏洞源于软件当中可以对于上传文件的类型缺乏有效的限制和过滤,这允许未经身份验证的用户通过目录遍历实现任意代码执行。
Description
Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal.
File Snapshot

 id: CVE-2021-40870

info:
  name: Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Exec

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.