CVE-2021-39165 PoC — Github Cachet SQL注入漏洞

Source

https://github.com/manbolq/CVE-2021-39165

Associated Vulnerability

Title:Github Cachet SQL注入漏洞 (CVE-2021-39165)
Description:Github Cachet是一个应用软件。一个开源状态页面系统。 Cachet 2.3.18之前版本存在SQL注入漏洞，未经身份验证的攻击者可以利用此漏洞从数据库中窃取敏感数据，例如管理员密码和会话。

Description

Python3 POC for CVE-2021-39165 in CachetHQ

Readme

# CVE-2021-39165
Python3 POC for CVE-2021-39165 in CachetHQ


# Usage
First of all, you should install the dependencies:

```bash
pip3 install -r requirements.txt
```

If you want to check whether the victim URL is vulnerable or not, you can execute:

```bash
python3 exploit.py -u <URL> -c
```

If you want to know the output of a MySQL query, you can execute:

```bash
python3 exploit.py -u <URL> -q <QUERY>
```

**Note**: You should write a query whose output is a one-liner for the script to work properly :)

You can also check the help panel by typing:

```bash
python3 exploit.py -h
```

File Snapshot


 [4.0K]  /data/pocs/6a9e86d9b76f0ae390ec2e36e850c7600f6dd08d
├── [3.5K]  exploit.py
├── [ 594]  README.md
└── [  27]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!