Exploit for Nette Framework - Remote Code Execution (CVE-2020-15227)

Description:

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially crafted parameters passed in a URL. Nette is a PHP/Composer MVC Framework.
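
The fixed versions above are per release branch, so a single "less than" comparison gives wrong answers (2.4.15 is affected, 2.3.14 is not). The following check is an added example, not part of the original page or of the Nette project: it reads a composer.lock and flags nette/application releases older than the fix on their branch. The function names and the sample lock file are constructed for illustration.

```python
import json
import re

# First fixed release on each affected branch, taken from the description above.
FIXED = {
    (2, 0): (2, 0, 19),
    (2, 1): (2, 1, 13),
    (2, 2): (2, 2, 10),
    (2, 3): (2, 3, 14),
    (2, 4): (2, 4, 16),
    (3, 0): (3, 0, 6),
}

def parse_version(text):
    """Return (major, minor, patch) for strings like 'v2.4.15', else None."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_vulnerable(version):
    """True or False for a tagged release; None when the string is not one."""
    parsed = parse_version(version)
    if parsed is None:
        return None  # e.g. 'dev-master': review by hand
    branch = parsed[:2]
    if branch in FIXED:
        return parsed < FIXED[branch]
    # Outside the listed branches: anything before 2.0.19 counts as affected,
    # anything on a branch after 3.0 is past the fix.
    return parsed < (2, 0, 19)

def check_lock(lock_text, package="nette/application"):
    """Return [(version, verdict)] for each locked copy of the package."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") == package:
                findings.append((pkg["version"], is_vulnerable(pkg["version"])))
    return findings

# Constructed sample input, trimmed to the fields the check reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "nette/application", "version": "v2.4.15"},
        {"name": "nette/utils", "version": "v2.5.7"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, verdict in check_lock(SAMPLE_LOCK):
        print(version, "VULNERABLE" if verdict else "ok" if verdict is False else "unknown")
```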

Nuclei Template

View the template here: CVE-2020-15227.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-15227.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-15227
https://packagist.org/packages/nette/application
https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md
https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html