CVE-2021-30461 PoC — VoIPmonitor 代码注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-30461.yaml

Associated Vulnerability

Title:VoIPmonitor 代码注入漏洞 (CVE-2021-30461)
Description:VoIPmonitor是VoIPmonitor团队的一个开源网络数据包嗅探器。具有用于在 Linux 上运行的 SIP RTP RTCP SKINNY(SCCP) MGCP WebRTC VoIP 协议的商业前端。 VoIPmonitor web UI 24.61版本之前存在安全漏洞，该漏洞源于当使用recheck选项时，用户提供的SPOOLDIR值(可能包含PHP代码)会被注入到config configuration.php中。

Description

VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing  remote unauthenticated users to trigger a remote PHP code execution vulnerability.

File Snapshot


 id: CVE-2021-30461

info:
  name: VoipMonitor <24.61 - Remote Code Execution
  author: shifacyclewal

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!