PoC details: 3b7d9d61482ad1bc80c1af1e06e941de514bbee0

Source
Related vulnerability
Title: SonLogger improper access control vulnerability (CVE-2021-27963)
Description: SonLogger is an application from the Turkish company Sonlogger that provides firewall log analysis. SonLogger before 6.4.1 is affected by insecure user creation: an unauthenticated attacker can send a POST request to /User/saveUser without any authentication or session header and create a user with any permission profile, including SuperAdmin. (The unauthenticated arbitrary file upload in the same product is tracked separately as CVE-2021-27964.)
Description
SonLogger Vulns (CVE-2021-27963, CVE-2021-27964)
Introduction
## CVE-2021-27964 | SonLogger - Unauthenticated Arbitrary File Upload (Metasploit)

* Date: 30-01-2021
* Exploit Author: Berkan Er <b3rsec@protonmail.com>
* Vendor Homepage: https://www.sonlogger.com/
* Software Link: https://www.sonlogger.com/download
* Version: 4.2.3.3
* Tested on: Windows 10 Enterprise x64
* CVE: 2021-27964
* Disclosure Date: 01-03-2021

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request that the application accepts without any authentication. It has been tested against version 4.2.3.3 on Windows 10 Enterprise.

#### POC:
[![asciicast](https://asciinema.org/a/389082.svg)](https://asciinema.org/a/389082)

---

## CVE-2021-27963 | SonLogger - Insecure SuperAdmin Creation (Python)

* Date: 30-01-2021
* Exploit Author: Berkan Er <b3rsec@protonmail.com>
* Vendor Homepage: https://www.sonlogger.com/
* Software Link: https://www.sonlogger.com/download
* Version: 4.2.3.3
* Tested on: Windows 10 Enterprise x64
* CVE: 2021-27963
* Disclosure Date: 01-03-2021

This Python exploit creates a user with the SuperAdmin profile by sending an insecure POST request to /User/saveUser, which the application accepts without any authentication or session header, and also prints some information about the application. It has been tested against version 4.2.3.3 on Windows 10 Enterprise.

#### POC:
[![asciicast](https://asciinema.org/a/394640.svg)](https://asciinema.org/a/394640)
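Both issues share one root cause: a privileged POST endpoint that is served without checking for a session. A defender who cannot patch to 6.4.1 immediately can at least detect exploitation, because the tell-tale is a POST to /User/saveUser (or to the upload endpoint) from a client that never logged in. The script below is an added example written for this page, not code from the PoC repository or the vendor. It assumes that a reverse proxy or web server in front of SonLogger writes Apache/nginx combined-format access logs; the login path `/Account/Login` and the upload path `/Config/Upload` are placeholders and not identifiers from the advisory, and the log lines it parses are constructed.

```python
"""Flag unauthenticated POSTs to SonLogger's privileged endpoints in web access logs.

Added example for this page; not code from the SonLogger PoC repository.
Assumptions (not stated in the advisory):
  * the web server / reverse proxy in front of SonLogger writes Apache/nginx
    "combined" format access logs;
  * LOGIN_PATH and the upload_path passed by the caller are placeholders that
    must be replaced with the real paths of the deployment.
"""
import re
from datetime import datetime

SAVE_USER_PATH = "/User/saveUser"   # endpoint named in the CVE-2021-27963 description
LOGIN_PATH = "/Account/Login"       # placeholder, not from the advisory

# Apache/nginx combined log format:
# ip ident user [timestamp] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line; return a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]   # drop the query string
    return rec


def find_unauthenticated_posts(lines, upload_path=None, login_path=LOGIN_PATH):
    """Return (ip, iso_timestamp, path, user_agent) for every POST to a sensitive
    endpoint made by a client that never POSTed to the login page earlier in
    the window.

    Heuristic: any login POST (whatever its status) moves the client into the
    'possibly authenticated' set and its later requests are not reported, so
    what is returned are the high-confidence exploitation attempts.
    Paths are compared case-insensitively: ASP.NET routing on Windows accepts
    /user/saveuser just as well as /User/saveUser, and an attacker may vary it.
    """
    sensitive = {SAVE_USER_PATH.lower()}
    if upload_path:
        sensitive.add(upload_path.lower())

    records = [r for r in (parse_line(l) for l in lines) if r is not None]
    records.sort(key=lambda r: r["ts"])

    possibly_authenticated = set()
    hits = []
    for r in records:
        if r["method"] != "POST":
            continue
        path = r["path"].lower()
        if path == login_path.lower():
            possibly_authenticated.add(r["ip"])
        elif path in sensitive and r["ip"] not in possibly_authenticated:
            hits.append((r["ip"], r["ts"].isoformat(), r["path"], r["ua"]))
    return hits


# Constructed sample log lines (not real SonLogger traffic). 10.0.0.5 logs in
# and then saves a user; 203.0.113.77 hits both endpoints cold with a scripting
# user agent and a lower-cased path; 198.51.100.9 only probes with a GET.
SAMPLE_LOG = """\
10.0.0.5 - - [30/Jan/2021:10:00:01 +0300] "POST /Account/Login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [30/Jan/2021:10:00:09 +0300] "POST /User/saveUser HTTP/1.1" 200 57 "http://sonlogger.local/User" "Mozilla/5.0"
203.0.113.77 - - [30/Jan/2021:11:42:13 +0300] "POST /user/saveuser HTTP/1.1" 200 57 "-" "python-requests/2.25.1"
203.0.113.77 - - [30/Jan/2021:11:42:20 +0300] "POST /Config/Upload HTTP/1.1" 200 0 "-" "python-requests/2.25.1"
198.51.100.9 - - [30/Jan/2021:11:50:00 +0300] "GET /User/saveUser HTTP/1.1" 405 0 "-" "curl/7.68.0"
""".splitlines()


if __name__ == "__main__":
    for ip, ts, path, ua in find_unauthenticated_posts(SAMPLE_LOG, upload_path="/Config/Upload"):
        print(f"{ts} {ip} POST {path} ({ua})")
```

Run against the sample it reports only the two cold requests from 203.0.113.77. The heuristic deliberately errs towards fewer alerts: a client that POSTed to the login page and then failed to authenticate is not reported, so once you know which status the deployment returns on a successful login, tighten the login check to that status. On an unpatched install the real remedy is still upgrading to 6.4.1 or later, or, until then, putting the application behind a proxy that requires authentication for every path.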
File snapshot

```text
[4.0K] /data/pocs/3b7d9d61482ad1bc80c1af1e06e941de514bbee0
├── [1.2K] README.md
├── [4.3K] sonlogger_arbitrary_fileupload.rb
└── [3.1K] sonlogger-superadmin_create.py

0 directories, 3 files
```