
Exploit for RStudio Shiny Server < 1.5.16 - Local File Inclusion (CVE-2021-3374)

Description:

RStudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code leakage. This can be exploited by appending an encoded slash to the URL.
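
A defender-side check for the request pattern described above, as an added example that is not part of the original page or the nuclei template: it flags access-log requests whose path ends in an encoded slash and tests whether a version string predates 1.5.16. The combined log format, the sample log lines and app paths, the double-encoding match and the function names are assumptions.

```python
import re

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Encoded slash at the end of the path: single (%2f) or, as an assumption, re-encoded (%252f).
TRAILING_ENCODED_SLASH = re.compile(r"%(?:25)*2f$", re.IGNORECASE)


def suspicious_requests(lines):
    """Return (client, path, status) for requests whose path ends in an encoded slash."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = m.group("target").split("?", 1)[0]  # ignore the query string
        if TRAILING_ENCODED_SLASH.search(path):
            client = line.split(" ", 1)[0]
            hits.append((client, path, int(m.group("status"))))
    return hits


def is_affected(version):
    """True if a Shiny Server version string is older than 1.5.16, the fixed release."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts < (1, 5, 16)


# Constructed sample log lines (documentation IP ranges, hypothetical app paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jan/2021:10:00:01 +0000] "GET /sample-apps/hello/ HTTP/1.1" 200 1532',
    '198.51.100.7 - - [13/Jan/2021:10:00:05 +0000] "GET /sample-apps/hello/%2f HTTP/1.1" 200 4096',
    '198.51.100.7 - - [13/Jan/2021:10:00:06 +0000] "GET /sample-apps/hello/%252F?x=1 HTTP/1.1" 404 210',
    '192.0.2.10 - - [13/Jan/2021:10:00:09 +0000] "GET /search?q=a%2fb HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for client, path, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client} requested {path} -> {status}")
    print("1.5.15.953 affected:", is_affected("1.5.15.953"))
```

A 200 response to a flagged request on a server older than 1.5.16 is the case to triage first; an encoded slash inside a query string is not flagged.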

Nuclei Template

View the template here: CVE-2021-3374.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-3374.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://github.com/colemanjp/shinyserver-directory-traversal-source-code-leak
https://nvd.nist.gov/vuln/detail/CVE-2021-3374
https://blog.rstudio.com/2021/01/13/shiny-server-1-5-16-update/
https://github.com/ARPSyndicate/kenzer-templates