Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file which allows an unauthenticated user to execute arbitrary code via directory traversal

Last update: Nov 15, 2022

Overview

CVE-2021-40870 Exploitation

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

Modules need to Install

To run this project, you will need to add the following modules in your python

requests urllib3

Uses

To run this project you need to do the followings

  python3 poc.py https://site.com/

must include / at the end of the url

🔗 Links

VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

4 Sep 23, 2022

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

12 Nov 18, 2022

Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

AdminerRead Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability Installation git clone https://github.com/p0dalirius/AdminerRea

58 Dec 5, 2022

An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

RonnieColemanYARAParser This script is named after Ronnie Coleman, and peforms bulk lifts on arbitary file features using YARA console logging. Requir

20 Dec 13, 2022

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re

168 Nov 9, 2022

A Telegram Bot to force users to join a specific channel before sending messages in a group.

Promoter A Telegram Bot to force users to join a specific channel before sending messages in a group. Introduction A Telegram Bot to force users to jo

1 Jan 27, 2022

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

21 Jan 1, 2023

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the context, origin of specific files during a digital forensic investigation.

96 Dec 20, 2022

Springboot directory scanning

87 Dec 28, 2022

Releases(Aviatrix)

Aviatrix(Oct 8, 2021)

Source code(tar.gz)
Source code(zip)
poc.py(1.92 KB)

Owner

Ashraful Islam

Bug Bounty Hunting [Beginner] / Python Programmer [Basic] / CTF Player [Noob]

GitHub Repository

Obfuscate your python code into a string of integers. De-obfuscate also supported.

int-obfuscator Obfuscate your python code into a string of integers. De-obfuscate also supported. How it works: Each printable character gets replaced

6 Nov 13, 2022

Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)

使用方法&免责声明该脚本为Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)。使用方法：Python CVE-2020-17519.py urls.txt urls.txt 中每个url为一行，漏洞地址输出在vul.txt中影响版本： Apache Flink 1

45 Sep 21, 2022

SonicWALL SSL-VPN Web Server Vulnerable Exploit

44 Nov 15, 2022

Dependency injection in python with autoconfiguration

The base is a DynamicContainer to autoconfigure services using the decorators @services for regular services and @command_handler for using command pattern.

2 Jan 17, 2022

Data Recovery from your broken Android phone

Broken Phone Recovery a guide how to backup data from your locked android phone if you broke your screen (and more) you can skip some steps depending

25 Sep 23, 2022

CVE-2021-43798Exp多线程批量验证脚本

Grafana V8.*任意文件读取Exp--多线程批量验证脚本漏洞描述 Grafana是一个开源的度量分析与可视化套件。经常被用作基础设施的时间序列数据和应用程序分析的可视化，它在其他领域也被广泛的使用包括工业传感器、家庭自动化、天气和过程控制等。其 8.*版本任意文件读取漏洞，该漏洞目前为0d

2 Dec 16, 2021

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams

13 Jan 04, 2022

Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file which allows an unauthenticated user to execute arbitrary code via directory traversal

Related tags

Overview

CVE-2021-40870 Exploitation

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

Modules need to Install

Uses

🔗 Links

You might also like...

VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

A Telegram Bot to force users to join a specific channel before sending messages in a group.

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Springboot directory scanning

Releases(Aviatrix)

Aviatrix(Oct 8, 2021)

Owner

Ashraful Islam

Obfuscate your python code into a string of integers. De-obfuscate also supported.

Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)

SonicWALL SSL-VPN Web Server Vulnerable Exploit

Dependency injection in python with autoconfiguration

Data Recovery from your broken Android phone

CVE-2021-43798Exp多线程批量验证脚本

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

Android Malware Behavior Deleter

Discord Token Stealer Malware Protection

BOF-Roaster is an automated buffer overflow exploit machine which is begin written with Python 3.

一款针对向日葵的识别码和验证码提取工具

PKUAutoElective for 2021 spring semester

Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket.

Program that mathematically generates and validates CPF numbers

CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP (更新可回显EXP)

Phishing-Crack tools to punish friends

MozDef: Mozilla Enterprise Defense Platform

BurpSuite Extension: Log4j2 RCE Scanner