CVE-2021-43287 PoC — ThoughtWorks GoCD Information Disclosure Vulnerability

Associated Vulnerability
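Title: ThoughtWorks GoCD Information Disclosure Vulnerability (CVE-2021-43287)
Description: ThoughtWorks GoCD is a free and open-source CI/CD server from the US company ThoughtWorks. Versions of ThoughtWorks GoCD before 21.3.0 contain a security vulnerability: an attacker with permission to create new pipelines on the GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to exploit the vulnerability and execute arbitrary code.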
Description
CVE-2021-43287_GoCD_fileread_POC_EXP
Readme
# CVE-2021-43287

POC:
pocsuite -r CVE-2021-43287_GoCD_fileread_POC_EXP -u url
![POC](https://user-images.githubusercontent.com/54984589/167235288-3fbabaa3-5f6b-4d88-b84d-933f5072ca04.gif)
EXP:
pocsuite -r CVE-2021-43287_GoCD_fileread_POC_EXP -u url --attack --command "[command]"
![EXP](https://user-images.githubusercontent.com/54984589/167235311-88ac7672-d972-40a4-9a38-7037e82ecbaa.gif)
# Disclaimer
## This tool is for study, research, and self-examination only. It should not be used for illegal purposes. All risks arising from the use of this tool have nothing to do with me!
File Snapshot

[4.0K] /data/pocs/c898feee825cf4ed3c3d0e1f588e87bf617b7018
├── [3.4K] CVE-2021-43287_GoCD_fileread_POC_EXP.py
└── [ 737] README.md

0 directories, 2 files