
CVE-2021-40870 PoC — Aviatrix Controller Code Issue Vulnerability

Source
Associated Vulnerability
Title: Aviatrix Controller Code Issue Vulnerability (CVE-2021-40870)
Description: Aviatrix Controller is an application from Aviatrix. It uses cloud providers' APIs to extend and control native cloud constructs, thereby extending their functionality and integrating them into the software. Aviatrix Controller contains a security vulnerability that stems from the software lacking effective restrictions and filtering on the types of uploaded files, which allows an unauthenticated user to achieve arbitrary code execution via directory traversal.
Description
Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file which allows an unauthenticated user to execute arbitrary code via directory traversal
Readme
<p align="center">
    <img src="https://img.shields.io/badge/Version-v0.5.4-orange?style=for-the-badge">
      <img src="https://img.shields.io/badge/Python-3x-brightgreen?style=for-the-badge">
      <img src="https://img.shields.io/github/downloads/0xAgun/CVE-2021-40870/total?style=for-the-badge">
      <img src="https://img.shields.io/github/languages/top/0xAgun/CVE-2021-40870?style=for-the-badge">
</p>
<h1 align="center">
  <br>
    CVE-2021-40870 Exploitation
  <br>
</h1>

<h4 align="center">An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.</h4>


## Modules to install

To run this project, you will need the following Python modules installed:

`requests`
`urllib3`


## Usage

To run this project, invoke the PoC with the target base URL:

```bash
python3 poc.py https://site.com/
```
The URL must include a trailing `/`.


## 🔗 Links
[![twitter](https://img.shields.io/badge/twitter-1DA1F2?style=for-the-badge&logo=twitter&logoColor=white)](https://twitter.com/myselfAshraful)
File Snapshot

[4.0K] /data/pocs/36a0a59d1a1e2e76f82a7bf55cb5ded3aef4cffa
├── [1.9K] poc.py
└── [1.1K] README.md

0 directories, 2 files