CVE-2021-32849 PoC — Gerapy 命令注入漏洞

Source

https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Gerapy%20clone%20%E5%90%8E%E5%8F%B0%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2021-32849.md

Associated Vulnerability

Title:Gerapy 命令注入漏洞 (CVE-2021-32849)
Description:Gerapy是一款基于Scrapy、Scrapyd、Django和Vue.js的分布式爬虫管理框架。 Gerapy 存在安全漏洞，该漏洞源于经过身份验证的用户可以执行任意命令。

File Snapshot


 # Gerapy clone 后台远程命令执行漏洞 CVE-2021-32849

## 漏洞描述

近日，我司应急团队监测到关于Gerapy 0.9.6和之前的版本中存在注入漏洞，漏洞编号：CVE-

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.