CVE-2021-34427 PoC — Eclipse BIRT Code Issue Vulnerability

Associated Vulnerability
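Title: Eclipse BIRT Code Issue Vulnerability (CVE-2021-34427)
Description: Eclipse BIRT is an open-source software suite from the Eclipse Foundation that provides reporting and business intelligence functionality for rich client applications and web applications. Eclipse BIRT contains a code issue vulnerability: in Eclipse BIRT versions 4.8.0 and earlier, a query parameter can be used to create a JSP file that is accessible remotely (in the current BIRT viewer dir). An attacker can exploit this vulnerability to inject JSP code into the running instance.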
Description
Eclipse BIRT versions 4.8.0 and earlier contain a JSP injection caused by query parameters, letting remote attackers create and access malicious JSP files in the viewer directory. Exploitation requires sending crafted query parameters.
File Snapshot

id: CVE-2021-34427 info: name: Eclipse BIRT Viewer - Remote Code Execution author: us3r777,Syna ...