CVE-2021-26814 PoC — Wazuh 路径遍历漏洞

Source

https://github.com/WickdDavid/CVE-2021-26814

Associated Vulnerability

Title:Wazuh 路径遍历漏洞 (CVE-2021-26814)
Description:Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.

Description

A simple python PoC to exploit CVE-2021-26814 and gain RCE on Wazuh Manager (v.4.0.0-4.0.3) through the API service.

Readme

# CVE-2021-26814

A simple python PoC to exploit **CVE-2021-26814** and gain RCE on **Wazuh Manager** (v.4.0.0-4.0.3) through the API service.

To run it, simply make the .py script executable and launch it with the required parameters.

```
PoC.py [-h] -user USERNAME -pwd PASSWORD -lip SRCIP -lport SRCPORT -tip
              DESTIP -tport DESTPORT
```

**WARNING**: the `wazuh-apid.py` file on the manager **WILL BE CHANGED!** In order to restore the original version after the exploit is completed, a local file called `backup.py` is created.

## Authors

**Davide Meacci** - [Twitter](https://twitter.com/WickdDavid)

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details

File Snapshot


 [4.0K]  /data/pocs/449c0514f81fcc6dc746aadea27786fd9d7286ce
├── [1.0K]  LICENSE.md
├── [3.9K]  PoC.py
└── [ 728]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!