CVE-2021-42261 PoC — Revisor Video Management System 路径遍历漏洞

Source

https://github.com/jet-pentest/CVE-2021-42261

Associated Vulnerability

Title:Revisor Video Management System 路径遍历漏洞 (CVE-2021-42261)
Description:Revisor Video Management System（Revisor Vms）是俄罗斯Revisor公司的一款专业的 Ip 视频监控系统搭建软件。 Revisor Video Management System (VMS) 2.0.0 之前版本存在安全漏洞，该漏洞允许攻击者利用该漏洞遍历文件系统，以访问远程服务器上受限制目录之外的文件或目录。这可导致敏感数据泄露。

Description

CVE-2021-42261

Readme

# CVE-2021-42261

## [Suggested description]
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.

## [Vulnerability Type]
Directory Traversal

## [Vendor of Product]
Revisor Lab

## [Affected Product Code Base]
Revisor VMS < 2.0.0

## [Affected Component]
Web-Server

## [Attack Type]
Remote

## [Has vendor confirmed or acknowledged the vulnerability?]
true

## [Impact Information Disclosure]
true

## [Reference]
https://revisorlab.com/

## [Discoverer]
Vladimir Rotanov (Jet Infosystems (jet.su), Moscow, Russia)

File Snapshot


 [4.0K]  /data/pocs/a609c99f4186bee7a2943f496d2679340d3ff59e
└── [ 805]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!