Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-23241 PoC — Mercusys Mercury X18G 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-23241.yaml
Associated Vulnerability
Title:Mercusys Mercury X18G 路径遍历漏洞 (CVE-2021-23241)
Description:Mercusys Mercury X18G是中国Mercusys公司的一款路由器。 MERCUSYS Mercury X18G 1.0.5 存在路径遍历漏洞,攻击者可利用该漏洞进行目录遍历。
Description
MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
File Snapshot

 id: CVE-2021-23241

info:
  name: MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
  author

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.