CVE-2021-27964 PoC — Sonlogger Code Issue Vulnerability

Source
Associated Vulnerability
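Title: Sonlogger Code Issue Vulnerability (CVE-2021-27964)
Description: Sonlogger is an application from the Turkish company Sonlogger. It provides firewall log analysis and location functions. SonLogger before 6.4.1 has a security vulnerability that allows unauthenticated upload of arbitrary files. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header.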
Description
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
File Snapshot

id: CVE-2021-27964
info:
  name: SonLogger - Arbitrary File Upload
  author: DhiyaneshDK
  severity ...