关联漏洞
描述
Proof of Concept exploit for CVE‑2021‑43857: Authenticated Remote Code Execution in Gerapy (<0.9.8). Updated and automated version of the original Exploit‑DB PoC for educational and authorized testing purposes only.
介绍
# Gerapy CVE-2021-43857 (Authenticated RCE)
This repository contains a proof of concept exploit for **CVE-2021-43857**,
a Remote Code Execution vulnerability affecting **Gerapy < 0.9.8**.
This is an **updated version** of the [original Exploit-DB PoC](https://www.exploit-db.com/exploits/50640),
with bug fixes and automation for easier reproduction in authorized testing environments.
⚠️ **Disclaimer**:
This code is published **for educational and authorized penetration testing only**.
Do not use against systems without explicit permission.
The author takes no responsibility for misuse.
## Features
- Automates login with default credentials
- Automatically creates a project (if needed)
- Sends reverse shell payload
- Starts a Netcat listener automatically
## Usage
```bash
python3 exploit.py -t <TARGET_IP> -p <TARGET_PORT> -L <LOCAL_IP> -P <LOCAL_PORT>
```
## Requirements
1. Python 3.x
2. requests and pyfiglet (pip install requests pyfiglet)
3. Netcat (nc)
文件快照
[4.0K] /data/pocs/536088ac45baa6a0b9353b7023130565d99d07f0
├── [4.5K] exploit.py
├── [1.0K] LICENSE
└── [ 998] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。