.. / CVE-2021-39165

Exploit for Cachet <=2.3.18 - SQL Injection (CVE-2021-39165)

Description:

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator’s password and session. The original repository of Cachet https://github.com/CachetHQ/Cachet is not active, the stable version 2.3.18 and it’s developing 2.4 branch is affected.

Nuclei Template

View the template here CVE-2021-39165.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-39165.yaml

References:

https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc
https://github.com/W0rty/CVE-2021-39165/blob/main/exploit.py
https://www.leavesongs.com/PENETRATION/cachet-from-laravel-sqli-to-bug-bounty.html
https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6
https://nvd.nist.gov/vuln/detail/CVE-2021-39165

.. / CVE-2021-39165 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Cachet <=2.3.18 - SQL Injection (CVE-2021-39165)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-39165