Exploit for SAS/Internet 9.4 1520 - Local File Inclusion (CVE-2021-41569)

Description:

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file allows end users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro.

Nuclei Template

View the template here: CVE-2021-41569.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-41569.yaml

References:

https://www.mindpointgroup.com/blog/high-risk-vulnerability-discovery-localfileinclusion-sas
https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2021-41569
https://support.sas.com/kb/68/641.html