CVE-2021-21425

Related Files

GravCMS 1.10.7 Arbitrary YAML Write / Update

Posted Nov 14, 2024

Site github.com

Proof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.

tags | exploit, remote, arbitrary, code execution, proof of concept

advisories | CVE-2021-21425

SHA-256 | 5cb1696418ca010542d02a039fd2e7ced0fb5abc292d2bf9e447350af4776e32

Download | Favorite | View

GravCMS 1.10.7 Remote Command Execution

Posted May 4, 2021

Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system commands under the context of the web-server user.

tags | exploit, remote, web, arbitrary, code execution

advisories | CVE-2021-21425

SHA-256 | 98b7fd4e5a9eac0e57bc304d77db3533d90d58846a9eac785a65d9954b59c324

Download | Favorite | View

GravCMS 1.10.7 Remote Command Execution

Posted Apr 21, 2021

Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an arbitrary configuration write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user.

tags | exploit, remote, web, arbitrary, code execution

advisories | CVE-2021-21425

SHA-256 | abded99044d29ee61fd87425114e92d627cb24bfd4a08cbdc45f77650c84534d

Download | Favorite | View