Exploit for TermTalk Server 3.24.0.2 - Local File Inclusion (CVE-2021-35380)

Description:

TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion, which allows an unauthenticated malicious user to gain access to files on the remote system by providing the relative path of the file they want to retrieve.

Nuclei Template

View the template here: CVE-2021-35380.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-35380.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-35380
https://www.swascan.com/solari-di-udine/
https://www.swascan.com/it/security-blog/
https://github.com/anonymous364872/Rapier_Tool
https://www.exploit-db.com/exploits/50638