Exploit for Apache ShenYu Admin JWT - Authentication Bypass (CVE-2021-37580)

Description:

Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.

Nuclei Template

View the template here: CVE-2021-37580.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-37580.yaml

References:

http://www.openwall.com/lists/oss-security/2021/11/16/1
https://github.com/fengwenhua/CVE-2021-37580
https://github.com/ARPSyndicate/kenzer-templates
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
https://nvd.nist.gov/vuln/detail/CVE-2021-37580