Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

POC Details: 41a82f1cf6aa41d98c8684cf5d31a9bc74f8210f

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/dagu-rce.yaml
Associated Vulnerability

Likely 0-day

Description
Dagu (<= 1.30.3) ships with authentication disabled by default. The POST /api/v2/dag-runs endpoint accepts inline YAML DAG specifications and immediately executes shell commands without credentials.
File Snapshot

 id: dagu-rce

info:
  name: Dagu Workflow Engine - Remote Code Execution
  author: omarkurt
  severi

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.