CVE-2021-30461 PoC — VoIPmonitor 代码注入漏洞

Source

https://github.com/Al1ex/CVE-2021-30461

Associated Vulnerability

Title:VoIPmonitor 代码注入漏洞 (CVE-2021-30461)
Description:VoIPmonitor是VoIPmonitor团队的一个开源网络数据包嗅探器。具有用于在 Linux 上运行的 SIP RTP RTCP SKINNY(SCCP) MGCP WebRTC VoIP 协议的商业前端。 VoIPmonitor web UI 24.61版本之前存在安全漏洞，该漏洞源于当使用recheck选项时，用户提供的SPOOLDIR值(可能包含PHP代码)会被注入到config configuration.php中。

Description

CVE-2021-30461

Readme

### Impacted Products

VoIPmonitor < 24.60

### How to RCE

```
python3 CVE-2021-30461.py -t ip_address
```

![rce](img/exp.png)

Browser shell:

```
http://x.x.x.x/namrlblgel.php?a=whoami
```

![shell](img/shell.png)

### Reference

https://ssd-disclosure.com/ssd-advisory-voipmonitor-unauth-rce/

File Snapshot


 [4.0K]  /data/pocs/e3012af937334f54707c870a36f42e75a6776b14
├── [2.8K]  CVE-2021-30461.py
├── [4.0K]  img
│   ├── [ 91K]  exp.png
│   └── [ 15K]  shell.png
└── [ 323]  README.md

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!