CVE-2021-36750 PoC — Enc Security Enc DataVault 信息泄露漏洞

Source

https://github.com/mamba-4-ever/CVE-2021-36750

Associated Vulnerability

Title:Enc Security Enc DataVault 信息泄露漏洞 (CVE-2021-36750)
Description:Enc Security Enc DataVault是荷兰Enc Security公司的一种解决方案。将任何 Usb 驱动器变成一个安全的可移动磁盘，用于存放重要文件。 Enc Security ENC DataVault 7.1.1W 存在信息泄露漏洞，该漏洞源于 VaultAPI v67 错误地处理了密钥派生，使攻击者更容易确定所有 DataVault 用户的密码（跨以多个品牌出售的 USB 驱动器）。

Readme

# CVE-2021-36749

About -

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.


```
execute - CVE-2021-36749.py http://ip:port
```

File Snapshot


 [4.0K]  /data/pocs/93dd77d44d7e4f76551df20158c00fa776c49182
├── [2.1K]  CVE-2021-36749.py
└── [ 929]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!