.. / CVE-2021-29006

Exploit for rConfig 3.9.6 - Local File Inclusion (CVE-2021-29006)

Description:

rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.

Nuclei Template

View the template here CVE-2021-29006.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-29006.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-29006
http://rconfig.com
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29006-POC.py