Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-41097 PoC — aurelia 代码注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-41097.yaml
Associated Vulnerability
Title:aurelia 代码注入漏洞 (CVE-2021-41097)
Description:aurelia是一个应用软件。一个基于标准的前端框架,专为高性能,雄心勃勃的应用程序而设计。 aurelia aurelia-path 存在代码注入漏洞,该漏洞源于 1.1.7 版本之前的 aurelia-path 中存在原型污染漏洞。 该漏洞暴露了使用 `aurelia-path` 包解析字符串的 Aurelia 应用程序。
Description
Aurelia-path before 1.1.7 contains a prototype pollution caused by parsing malicious URL parameters, letting attackers modify Object.prototype, exploit requires the application to parse user-controlled URLs.
File Snapshot

 id: CVE-2021-41097

info:
  name: Aurelia-Path < 1.1.7 - Prototype Pollution
  author: 0x_Akoko
  se

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.