CVE-2021-43495 PoC — Alquist 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-43495.yaml

Associated Vulnerability

Title:Alquist 路径遍历漏洞 (CVE-2021-43495)
Description:Alquist是一种先进的对话式 Ai 机器人。用于与人类就热门话题（如电影、体育、新闻等）进行有趣且引人入胜的对话。 Alquist Manager 存在安全漏洞，该漏洞源于软件当中alquist/IO/input.py文件中对于用户提交的路径数据缺少有效的过滤与转义，从而导致目录遍历漏洞，这种攻击会导致存储在系统任何地方的关键机密泄露，并且可能造成远程代码访问。

Description

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.

File Snapshot


 id: CVE-2021-43495

info:
  name: AlquistManager Local File Inclusion
  author: pikpikcu
  severity:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!