Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-31607 PoC — SaltStack Salt 操作系统命令注入漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/SaltStack%20Minion%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2021-31607.md
Associated Vulnerability
Title:SaltStack Salt 操作系统命令注入漏洞 (CVE-2021-31607)
Description:SaltStack Salt是SaltStack公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt 2016.9 3002.6 版本及之前版本存在操作系统命令注入漏洞,该漏洞源于snap模块中存在一个命令注入漏洞,允许在minion上升级本地权限。
File Snapshot

 # SaltStack Minion 命令注入漏洞 CVE-2021-31607

## 漏洞描述

2021年4月28日,深信服安全团队监测到一则Salt组件存在 SaltStack Minion 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.