CVE-2021-20837 PoC — Six Apart Movable Type 操作系统命令注入漏洞

Source

https://github.com/bb33bb/CVE-2021-20837

Associated Vulnerability

Title:Six Apart Movable Type 操作系统命令注入漏洞 (CVE-2021-20837)
Description:Six Apart Movable Type（MT）是美国Six Apart公司的一套博客系统。该系统包括多用户、评论、引用和主题等功能。 Movable Type XMLRPC 存在操作系统命令注入漏洞，远程未经身份验证的攻击者可以发送特制消息并在目标系统上执行任意操作系统命令。

Description

Unauthenticated RCE In MovableType

Readme

# CVE-2021-20837

Unauthenticated RCE In MovableType

File Snapshot


 [4.0K]  /data/pocs/cfcf19dbf1eb71411d0547ea8e4ffa6be9bbd4f2
├── [1.6K]  CVE-2021-20837.yaml
└── [  53]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!