CVE-2021-39174 PoC — Configuration leak

Source
Associated Vulnerability
Title: Configuration leak (CVE-2021-39174)
Description: Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access the administration dashboard.
Description
Cachet configuration leak dumper. CVE-2021-39174 PoC.
Readme
# CVE-2021-39174-PoC
Cachet configuration leak dumper. CVE-2021-39174 PoC.
File Snapshot

[4.0K] /data/pocs/3ae4c77e7f44c09bf092e3a31208d98eb3f90df5
├── [5.0K] exploit.py
├── [ 34K] LICENSE
└── [ 75] README.md

0 directories, 3 files