CVE-2021-33026 PoC: Pallets Project Flask code issue vulnerability

Source
Associated Vulnerability
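Title: Pallets Project Flask code issue vulnerability (CVE-2021-33026)
Description: Pallets Project Flask is a lightweight WSGI (Web Server Gateway Interface) application framework from the Pallets project. Flask version 1.10.1 contains a code issue vulnerability. The vulnerability stems from the extension relying on Pickle for serialization, which may lead to remote code execution or local privilege escalation.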
File Snapshot

[4.0K] /data/pocs/aee39fe5bfb326a88a1881e85ddbc1635f89cbb0
├── [2.3K] app.py
├── [2.1K] cve-2021-33026_PoC.py
├── [ 82] payload_requirements.txt
├── [1.1K] readme.txt
├── [ 74] requirements_1_11_0.txt
├── [ 50] requirements_2_3_0.txt
└── [4.0K] screenshots
    ├── [128K] Flask App_Cache_1_11_0_Exploit.jpg
    ├── [ 90K] Flask App_Cache_2_3_0_Exploit.jpg
    ├── [109K] Flask App_Cache_Request.jpg
    └── [ 84K] Flask App _ Redis_NetCat.jpg

1 directory, 10 files