CVE-2021-21239 PoC — Idpy Pysaml2 Data Forgery Vulnerability

Source
Associated Vulnerability
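Title: Idpy Pysaml2 Data Forgery Vulnerability (CVE-2021-21239)
Description: Idpy Pysaml2 is a Python-based SAML server implementation from the Idpy community. Idpy PySAML2 before 6.5.0 has a data forgery vulnerability caused by incorrect cryptographic signature verification.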
Description
A Dockerized Redash instance that is vulnerable to CVE-2021-21239
Readme
# redash-vulnerable 🐛

A Dockerized Redash instance that is vulnerable to [`CVE-2021-21239`](https://nvd.nist.gov/vuln/detail/CVE-2021-21239) as written about by [Calif](https://blog.calif.io/p/redash-saml-authentication-bypass).

## Usage 💻

### Starting the server (preserving data)

```bash
script/server
```

This will start the Redash server using Docker Compose in detached mode, preserving any existing data. The server will be available at [`http://localhost:8080`](http://localhost:8080/setup).

### Starting fresh (destroying all data)

```bash
script/server --destroy
```

This will destroy all existing containers, volumes, and data directories, then rebuild everything from scratch. Use this when you want to start completely fresh.

**Note:** The `--destroy` flag will permanently delete all your Redash data, including dashboards, queries, users, and database content.
File Snapshot

```
[4.0K] /data/pocs/a1c7a109284214557bc9843aec0ea414b6fbdadd
├── [1.5K] docker-compose.yml
├── [4.0K] docs
│   └── [1.0K] poc.md
├── [ 14K] poc.py
├── [ 890] README.md
└── [4.0K] script
    ├── [2.7K] bootstrap
    ├── [ 878] env
    └── [3.4K] server

2 directories, 7 files
```