CVE-2021-45420 PoC — Emerson Xweb-500 授权问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-45420.yaml

Associated Vulnerability

Title:Emerson Xweb-500 授权问题漏洞 (CVE-2021-45420)
Description:Emerson Xweb-500是美国Emerson公司的一个基于 Web 服务器技术的数据记录和远程监控系统。 Emerson Xweb-500 存在安全漏洞，该漏洞源于Emerson Dixell XWEB-500产品受到/cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, 和 /cgi-bin/lo_utils.cgi 任意文件写入漏洞的影响。攻击者可利用该漏洞在没有任何身份验证机制的情况下向目标系统写入任何文件，这可能导致拒绝服务和可能的远程

Description

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi, letting attackers write any file on the system, exploit requires no authentication.

File Snapshot


 id: CVE-2021-45420

info:
  name: Emerson Dixell XWEB-500 - Arbitrary File Write
  author: hackerarp

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!