.. / CVE-2021-28073

Exploit for Ntopng Authentication Bypass (CVE-2021-28073)

Description:

Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng <= 4.2

Nuclei Template

View the template here CVE-2021-28073.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-28073.yaml

References:

http://noahblog.360.cn/ntopng-multiple-vulnerabilities/
https://nvd.nist.gov/vuln/detail/CVE-2021-27573
https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/HongKe/HongKe%20ntopng%20%E6%B5%81%E9%87%8F%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9F%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2021-28073.md