CVE-2021-43857 PoC — Gerapy OS Command Injection Vulnerability

Associated Vulnerability
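Title: Gerapy OS Command Injection Vulnerability (CVE-2021-43857)
Description: Gerapy is a distributed crawler management framework based on Scrapy, Scrapyd, Django and Vue.js. Gerapy versions before 0.9.8 contain an OS command injection vulnerability. It stems from the software's lack of effective filtering and escaping of system commands, which leaves it susceptible to remote code execution.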
Description
CVE-2021-43857 (Gerapy command execution)
Readme
# CVE-2021-43857
CVE-2021-43857 (Gerapy command execution)
# Disclaimer
```
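This script is for learning and reference only; do not maliciously attack other people's websites.
If you break the law, all consequences are borne by the user alone.
Technology is innocent; the author bears no responsibility.


Using the script means you agree to the statement above by default!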
                    --Author:lowkey0808
```


# Usage

```
  -h, --help  show this help message and exit
  -u          url
  -U          登录用户
  -P          登录密码
  -r          反弹shellIP
  -p          反弹端口
```
![Image](https://user-images.githubusercontent.com/49674960/165203227-c8c1b3ca-a3c3-44f7-8183-aa00521892d8.png)
File Snapshot

```
[4.0K] /data/pocs/b9beda305498d4fa3f1a1cb2460564f334a70469
├── [2.4K] CVE-2021-43857.py
└── [ 622] README.md

0 directories, 2 files
```