.. / CVE-2021-30497

Exploit for Ivanti Avalanche 6.3.2 - Local File Inclusion (CVE-2021-30497)

Description:

Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the ‘image’ folder.

Nuclei Template

View the template here CVE-2021-30497.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-30497.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-30497
https://help.ivanti.com/wl/help/en_us/aod/5.4/Avalanche/Console/Launching_the_Avalanche.htm
https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/
https://github.com/StarCrossPortal/scalpel
https://forums.ivanti.com/s/article/Security-Alert-CVE-2021-30497-Directory-Traversal-Vulnerability?language=en_US
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30497

.. / CVE-2021-30497 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Ivanti Avalanche 6.3.2 - Local File Inclusion (CVE-2021-30497)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-30497