.. / CVE-2021-3293

Exploit for emlog 5.3.1 Path Disclosure (CVE-2021-3293)

Description:

emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file.

Nuclei Template

View the template here CVE-2021-3293.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-3293.yaml
Copy

References:

https://github.com/thinkgad/Bugs/blob/main/emlog%20v5.3.1%20has%20Full%20Path%20Disclosure%20vulnerability.md
https://github.com/20142995/Goby
https://github.com/emlog/emlog/issues/62
https://github.com/Z0fhack/Goby_POC
https://nvd.nist.gov/vuln/detail/CVE-2021-3293