CVE-2021-3138 PoC — Discourse security vulnerability

Source
Associated Vulnerability
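Title: Discourse security vulnerability (CVE-2021-3138)
Description: Discourse is an open-source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse 2.7.0 through beta1 has a security vulnerability, which stems from 2FA relying on the rate limit of certain forms.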
Description
Discourse PoC
Readme
# ..| Discourse 2.7.0 - CVE-2021-3138 |..

# Description :
<br>
<b>Rate limit Bypass which leads to 2FA Bypass
</b><br>
<h1>Tested Version :</h1>
<br>
<b>2.7.0
</b><br>
<h1>Attack Type: </h1>
<br>
<b>Remote
</b>
<br>
<h1>Impact :<br></h1>
<b>2FA Bypass
</b><br>
<h1>Vendor of Product :</h1>
<br>
<b>https://www.discourse.org
</b><br>
<h1>Additional Information :</h1>
<b><br>
Discourse is a discussion platform built for the next decade of the Internet. Used as:<br>
-mailing list<br>
-discussion forum<br>
-long-form chat room<br>
<br>
and there are well-known companies, such as Google acquisitions, that have been using Discourse until this moment.
<br>
</b>
<h1>Discoverer :</h1>
<b><br>
Meshal Almansour<br>
Twitter: mesh3l_911
<br>
</b>


File Snapshot

[4.0K] /data/pocs/8a566b56751ec32b7ca360cbfe5da6e95ec19778
├── [1.9K] exploit.py
├── [ 741] README.md
└── [ 496] Requests_number.py

0 directories, 3 files