POC详情: 7791cccf73fad3aee830d31bbdb717fca90750f3

来源
https://github.com/fazilbaig1/CVE-2021-32708
关联漏洞
标题: thephpleague flysystem 代码注入漏洞 (CVE-2021-32708)
描述:Flysystem是一个开源文件存储库。 thephpleague flysystem存在代码注入漏洞,该漏洞源于在某些特定条件下,flysystem可能允许恶意用户远程执行代码。
描述
Affected versions of this package are vulnerable to Race Condition. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely.
介绍
# CVE-2021-32708
Affected versions of this package are vulnerable to Race Condition. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely.
How the Exploit Works

Unicode Bypass: The filename exploit\u202Ephp.txt uses the Right-to-Left Override (RLO) character to disguise the file extension.

Malicious File Upload: The file is uploaded and stored on the server.

Payload Execution: If the server allows code execution in the uploads directory, the attacker can run the PHP payload remotely.
文件快照

 [4.0K]  /data/pocs/7791cccf73fad3aee830d31bbdb717fca90750f3
├── [1.1K]  CVE-2021-32708_exploit.py
├── [1.0K]  CVE-2021-32708_scanner.py
└── [ 626]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。