CVE-2021-42949 PoC — HotelDruid 授权问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/unauth-hoteldruid-panel.yaml

Associated Vulnerability

Title:HotelDruid 授权问题漏洞 (CVE-2021-42949)
Description:HotelDruid是Digitaldruid.net团队的一套酒店管理系统。该系统包括客房管理、财务管理和库存管理等功能。 HotelDruid Hotel Management Software v3.0.3版本存在授权问题漏洞，该漏洞源于controlla_login函数会生成可预测的会话令牌。攻击者利用该漏洞通过暴力攻击绕过身份验证。

Description

A vulnerability in Hoteldruid Panel allows remote unauthenticated users access to the management portal without authentication.

File Snapshot


 id: unauth-hoteldruid-panel

info:
  name: Hoteldruid Management Panel Access
  author: princechaddh

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!