CVE-2021-42237 PoC — Sitecore 代码问题漏洞

Source

https://github.com/crankyyash/SiteCore-RCE-Detection

Associated Vulnerability

Title:Sitecore 代码问题漏洞 (CVE-2021-42237)
Description:Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

Description

For detection of sitecore RCE - CVE-2021-42237

Readme

# SiteCore-RCE-Detection
For detection of sitecore RCE - CVE-2021-42237
Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237

Relies on sitecore version detection and response when a request is made to vulnerale Report.ashx via Get and Post.

The script takes a file containing list of urls in format www.url.com on each line.

Usage :
python3 check-for-sitecore-rce.py -h

python3 check-for-sitecore-rce.py -u urls.txt

May result in false positives if the web application handles ther error differently. Recommended to check pages with 200 responses.

PoCs

![3](https://user-images.githubusercontent.com/61792333/191764846-2a03beb2-5bdf-451e-9093-5e4662f941da.PNG)

![2](https://user-images.githubusercontent.com/61792333/191758706-9d6a80dd-4d14-404a-ae88-541e78e079b6.PNG)

Reference : https://blog.assetnote.io/2021/11/02/sitecore-rce/ , https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!