CVE-2021-27513 PoC — EyesOfNetwork 代码问题漏洞

Source

https://github.com/ArianeBlow/CVE-2021-27513

Associated Vulnerability

Title:EyesOfNetwork 代码问题漏洞 (CVE-2021-27513)
Description:EyesOfNetwork（EON）是EyesOfNetwork社区的一套开源的、免费的IT监控解决方案。该方案提供业务流程配置工具、在活动队列中发生事件时生成弹出窗口等功能。 EyesOfNetwork 5.3-10 存在安全漏洞，该漏洞源于admin ITSM模块允许远程认证用户上传任意.xml.php文件，因为它依赖于“le filtre userside”。

Description

ITSM_Broken_control

Readme

# CVE-2021-27513
ITSM_Broken_control
```
# Exploit Title: EyesOfNetwork 5.3 - File Upload Remote Code Execution
# Date: 10/01/2021
# Exploit Author: Ariane.Blow
# Vendor Homepage: https://www.eyesofnetwork.com/en
# Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
# Version: 5.3-10
```

File Snapshot


 [4.0K]  /data/pocs/3de3a59b30b0508b9070631d74de47445bcfe71e
├── [6.5K]  exploit_CVE-2021-27513.sh
└── [ 319]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!