Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-39165 PoC — Github Cachet SQL注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-39165.yaml
Associated Vulnerability
Title:Github Cachet SQL注入漏洞 (CVE-2021-39165)
Description:Github Cachet是一个应用软件。一个开源状态页面系统。 Cachet 2.3.18之前版本存在SQL注入漏洞,未经身份验证的攻击者可以利用此漏洞从数据库中窃取敏感数据,例如管理员密码和会话。
Description
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.
File Snapshot

 id: CVE-2021-39165

info:
  name: Cachet <=2.3.18 - SQL Injection
  author: tess
  severity: medium


...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.