Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-31856 PoC — meshery SQL注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-31856.yaml
Associated Vulnerability
Title:meshery SQL注入漏洞 (CVE-2021-31856)
Description:meshery是一个应用软件。一种多服务网格管理平面,提供服务网格及其工作负载的生命周期,配置和性能管理。 Layer5 Meshery 0.5.2 存在SQL注入漏洞,该漏洞允许攻击者可利用该漏洞通过实验模式文件端点执行任意SQL命令。
Description
Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
File Snapshot

 id: CVE-2021-31856

info:
  name: Layer5 Meshery 0.5.2 - SQL Injection
  author: princechaddha
  sev

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.