CVE-2021-29156 PoC — Forgerock ForgeRock OpenAM 注入漏洞

Source

https://github.com/5amu/CVE-2021-29156

Associated Vulnerability

Title:Forgerock ForgeRock OpenAM 注入漏洞 (CVE-2021-29156)
Description:Forgerock ForgeRock OpenAM是美国ForgeRock（Forgerock）公司的一套开源的单点登录框架（SSO）。该框架通过提供核心的标识服务（CoreServer）以实现在一个网络架构中的透明单点登录（如集中式、分布式的单点登录）。 ForgeRock OpenAM before 13.5.1 存在注入漏洞，攻击者可利用该漏洞可以逐个字符地检索密码散列，或者检索会话令牌或私钥。

Description

Exploit for CVE-2021-29156

Readme

# CVE-2021-29156 done right

This Proof of Concept is realized because the other PoC publicly available is broken ✨

## Install

```
go install github.com/5amu/CVE-2021-29156@latest
```

## References

* [https://nvd.nist.gov/vuln/detail/CVE-2021-29156](https://nvd.nist.gov/vuln/detail/CVE-2021-29156)
* [https://portswigger.net/research/hidden-oauth-attack-vectors](https://portswigger.net/research/hidden-oauth-attack-vectors)
* [https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/13.0.0](https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/13.0.0)

File Snapshot


 [4.0K]  /data/pocs/7e782e9fa9f68c363de4ebd93ef81069ec11ac34
├── [4.0K]  CVE-2021-29156.go
├── [1.0K]  LICENSE
└── [ 570]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!