CVE-2021-35488 PoC — Thruk Cross-Site Scripting Vulnerability

Associated Vulnerability
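Title: Thruk Cross-Site Scripting Vulnerability (CVE-2021-35488)
Description: Thruk is an open-source multi-backend monitoring web interface developed by Sven Nierlein, an individual developer in Germany. Thruk 2.40-2 contains a security vulnerability that allows an attacker to inject arbitrary JavaScript into status.cgi. The payload is triggered every time an authenticated user browses a page that contains it.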
Description
Thruk 2.40-2 contains a cross-site scripting vulnerability via /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] in the host or title parameter. An attacker can inject arbitrary JavaScript into status.cgi, leading to a triggered payload when accessed by an authenticated user.
File Snapshot

id: CVE-2021-35488 info: name: Thruk 2.40-2 - Cross-Site Scripting author: arafatansari sever ...