CVE-2021-25646

This repository is a list of PoCs for various vulnerabilities, including CVE-2020-14883. It does not contain actual exploit code but references multiple vulnerabilities and their corresponding PoCs.

This repository contains a functional exploit for CVE-2021-25646, an RCE vulnerability in Apache Druid. The exploit leverages the lack of authentication to send a crafted JSON payload to the '/druid/indexer/v1/sampler' endpoint, executing arbitrary commands via a JavaScript filter function.

This repository contains a functional exploit tool for CVE-2021-25646, an Apache Druid remote code execution vulnerability. The tool supports vulnerability detection and command execution, including reverse shell capabilities.

This repository contains a functional exploit for CVE-2021-25646, an RCE vulnerability in Apache Druid. The exploit leverages a JavaScript injection in the 'filter' function of the 'transformSpec' to execute arbitrary commands via Java's Runtime.exec().

The repository contains only a README with a YouTube link and no actual exploit code or technical details about CVE-2021-25646. This is characteristic of a social engineering lure.

This repository contains a Wker script for detecting CVE-2021-25646, an Apache Druid remote code execution vulnerability. It uses DNSLog to verify the presence of the vulnerability by sending a crafted request and checking for DNS callbacks.

This repository contains a functional exploit for CVE-2021-25646, an RCE vulnerability in Apache Druid. The exploit leverages a malicious JavaScript function in the 'filter' parameter of a POST request to execute arbitrary commands via `java.lang.Runtime.getRuntime().exec()`.

This repository contains a GUI-based exploit for CVE-2021-25646, which appears to be a command injection vulnerability. The tool allows users to input a target URL and a command, then executes the command on the target system via HTTP requests.

This repository contains a functional exploit for CVE-2021-25646, an RCE vulnerability in Apache Druid. The exploit leverages a JavaScript filter in the transformSpec to execute arbitrary commands via java.lang.Runtime.getRuntime().exec().

This repository contains a functional Python exploit for CVE-2021-25646, an RCE vulnerability in Apache Druid. The exploit leverages JavaScript code injection via a crafted sampler request to execute arbitrary commands on the target system.

This repository contains a functional Go-based exploit for CVE-2021-25646, a remote code execution vulnerability in Apache Druid. The exploit leverages improper input validation in the Druid indexer component to inject arbitrary commands via crafted JSON payloads.

This repository contains a functional Python exploit for CVE-2021-25646, which leverages a JavaScript injection vulnerability in Apache Druid to achieve remote code execution (RCE). The exploit sends a crafted HTTP POST request to the Druid sampler endpoint, embedding a malicious JavaScript function that executes arbitrary shell commands via Java's Runtime.exec.

This Metasploit module exploits CVE-2021-25646 in Apache Druid versions prior to 0.20.1, allowing unauthenticated remote command execution via JavaScript code injection in a specially crafted request to the Druid indexer sampler endpoint.