Exploit for FAUST iServer 9.0.018.018.4 - Local File Inclusion (CVE-2021-34805)

Description:

FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
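For defenders, the traversal pattern described above can be looked for in web access logs. The following is an added example, not part of the original page or of any FAUST or Nuclei code: it percent-decodes each request path and flags `..` segments delimited by `/` or `\`. The combined log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: common/combined access log format, e.g. from a reverse proxy in front of the server.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by / or \ (or the string boundaries), checked after decoding.
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(target):
    """True if the request path (query string excluded) holds a '..' segment once decoded."""
    path = target.split("?", 1)[0]
    return bool(DOTDOT_RE.search(decode_fully(path)))

def scan(lines):
    """Return (line_number, request_target) for every log line whose path traverses."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_traversal(m.group(1)):
            hits.append((n, m.group(1)))
    return hits

# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2022:10:00:00 +0000] "GET /lfs.fau?prj=iweb&dn=faust+iserver HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Feb/2022:10:00:05 +0000] "GET /%2e%2e%5c%2e%2e%5cexample.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Feb/2022:10:00:06 +0000] "GET /%252e%252e%255cexample.txt HTTP/1.1" 404 0',
    '192.0.2.17 - - [01/Feb/2022:10:00:09 +0000] "GET /docs/v1..2/index.fau HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, target in scan(SAMPLE_LOG):
        print(f"line {n}: traversal sequence in {target}")
```

A hit with a 200 status and a non-trivial response size deserves closer review than one answered with 404.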

Nuclei Template

View the template here: CVE-2021-34805.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-34805.yaml

References:

http://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserver
https://nvd.nist.gov/vuln/detail/CVE-2021-34805
https://cxsecurity.com/issue/WLB-2022010120
https://github.com/20142995/Goby
http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.html