CVE-2021-25646 PoC — Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.

Source
Associated Vulnerability
Title: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. (CVE-2021-25646)
Description: Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Description
CVE-2021-25646 Apache Druid remote code execution vulnerability detection and exploitation tool
Readme
# CVE-2021-25646-exp
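A detection and exploitation tool for the Apache Druid CVE-2021-25646 remote code execution vulnerability.
Enter a domain name or ip:port to run vulnerability detection.

Command execution can be carried out against targets detected as vulnerable.
Supports a single target
Supports reading multiple targets line by line from a file
## (Lab demonstration)

## Vulnerability detection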
![image](https://github.com/user-attachments/assets/84b09fd6-09b5-4271-acbb-7d67650acced)

## Exploitation: executing the `id` command
![image](https://github.com/user-attachments/assets/41dec0be-5851-444a-b441-21443354cb5f)

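## Reverse shell
Enclose the reverse shell command in double quotes, otherwise an error is raised.
After a brief lag, the reverse shell connects successfully.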
![image](https://github.com/user-attachments/assets/294e8c85-7383-4b02-9f0f-595d148447a7)
![image](https://github.com/user-attachments/assets/3fbb1404-dec7-4098-8746-e3afbe5e862e)





File Snapshot

[4.0K] /data/pocs/d292e623f325f1666002c1e17bf7468afc957f77
├── [4.0K] color
│   ├── [ 20K] color.go
│   ├── [ 13K] color_test.go
│   ├── [ 504] color_windows.go
│   ├── [4.2K] doc.go
│   ├── [ 161] go.mod
│   ├── [ 781] go.sum
│   ├── [1.1K] LICENSE.md
│   └── [5.0K] README.md
├── [4.0K] config
│   ├── [ 644] banner.go
│   ├── [ 792] file.go
│   └── [ 888] welcome.go
├── [4.0K] dict
│   └── [ 11] druid.txt
├── [ 216] go.mod
├── [ 946] go.sum
├── [ 114] main.go
├── [ 828] README.md
└── [4.0K] vul
    └── [4.0K] druid
        └── [4.9K] druidScan.go

5 directories, 17 files