CVE-2021-21403 PoC — Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server

Source

https://github.com/5l1v3r1/CVE-2021-21403

Associated Vulnerability

Title:Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server (CVE-2021-21403)
Description:In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.

Description

Jellyfin系统任意文件读取漏洞批量扫描验证脚本。

Readme

# CVE-2021-21402
Jellyfin系统存在任意文件读取漏洞。


## 漏洞编号

CVE-2021-21402

## 工具利用

python3 CVE-2021-21402.py -u http://127.0.0.1:1111 单个url测试

python3 CVE-2021-21402.py -f url.txt 批量检测

![](./poc.png)

## exp利用

修改左边红框中文件目录及文件名即可下载服务器任意文件。
![](./exp.png)

## 免责声明

由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，作者不为此承担任何责任。

File Snapshot


 [4.0K]  /data/pocs/6da48baa3293f53fc58c27d441ebd325d884667e
├── [3.1K]  CVE-2021-21402.py
├── [ 68K]  exp.png
├── [ 36K]  poc.png
└── [ 550]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!