CVE-2021-20837

This Metasploit module exploits a command injection vulnerability in Movable Type's XMLRPC API (CVE-2021-20837) by sending a crafted XML payload containing a base64-encoded command. The exploit checks for vulnerability by verifying the presence of a fingerprint in the response and executes the payload if vulnerable.

This repository contains a functional Metasploit module for CVE-2021-20837, which exploits a remote command injection vulnerability in Movable Type's XMLRPC API. The exploit crafts a malicious XML payload to execute arbitrary commands via the `mt.handler_to_coderef` method.

This repository contains a functional Metasploit module for CVE-2021-20837, which exploits a remote command injection vulnerability in Movable Type's XMLRPC API. The exploit crafts a malicious XML payload to execute arbitrary commands via the `mt.handler_to_coderef` method.

This repository contains a functional Metasploit module for CVE-2021-20837, which exploits a remote command injection vulnerability in Movable Type's XMLRPC API. The exploit crafts a malicious XML payload to execute arbitrary commands via the `mt.handler_to_coderef` method.

This repository contains a functional exploit for CVE-2021-20837, an unauthenticated RCE vulnerability in MovableType. The exploit leverages the `mt.handler_to_coderef` method in the XML-RPC interface to execute arbitrary OS commands via a base64-encoded payload.

The repository contains only a minimal README with a CVE title and no functional exploit code or technical details. It lacks any meaningful content to demonstrate or analyze the vulnerability.