CVE-2021-40870

This PoC exploits CVE-2021-40870, an unrestricted file upload vulnerability in Aviatrix Controller, allowing unauthenticated RCE via directory traversal. It uploads a PHP shell and verifies its presence.

This exploit leverages a path traversal vulnerability in Aviatrix to write arbitrary PHP code to a file on the target system, enabling remote code execution (RCE). The PoC sends a crafted POST request to create a malicious PHP file and then verifies its existence via a GET request.

This PoC exploits CVE-2021-40870, an unrestricted file upload vulnerability in Aviatrix, allowing an authenticated user to execute arbitrary PHP code by uploading a malicious file. The script sends a crafted POST request to create a PHP file in a writable directory and verifies its presence via a GET request.

This PoC exploits CVE-2021-40870, an unrestricted file upload vulnerability in Aviatrix, allowing an authenticated user to upload a malicious PHP file and achieve remote code execution (RCE). The script sends a crafted POST request to create a PHP file in a writable directory and verifies its existence via a GET request.

The repository contains a functional Python exploit for CVE-2021-40870, which allows an authenticated user to execute arbitrary PHP code on Aviatrix systems via a path traversal vulnerability in the 'set_metric_gw_selections' action.

The repository contains a functional Python exploit for CVE-2021-40870, which allows an authenticated user to execute arbitrary PHP code on Aviatrix systems via a path traversal vulnerability in the 'set_metric_gw_selections' action.