CVE-2021-43857

This exploit demonstrates an authenticated RCE vulnerability in Gerapy versions prior to 0.9.8. It logs in, retrieves project details, and executes a reverse shell payload via a crafted API request.

This PoC exploits CVE-2021-43857, a command injection vulnerability in Gerapy, by authenticating with provided credentials and injecting a reverse shell payload into the 'spider' parameter of the '/api/project/robots/parse' endpoint.

This exploit targets CVE-2021-43857, a remote code execution vulnerability in Gerapy versions prior to 0.9.8. It authenticates as an admin user, retrieves project details, and executes a reverse shell payload via a crafted API request.

This is a functional exploit for CVE-2021-43857, an authenticated RCE vulnerability in Gerapy < 0.9.8. It automates login, project creation, and delivers a reverse shell payload via command injection in the spider field.

This PoC exploits CVE-2021-43857 in Gerapy < 0.9.8 by authenticating, fetching a project, and triggering a reverse shell via command injection in the spider field. It uses a netcat listener for the payload.

This repository contains a functional exploit for CVE-2021-43857, a remote code execution vulnerability in Gerapy versions prior to 0.9.8. The exploit authenticates to the application, retrieves project details, and executes a reverse shell payload via the vulnerable spider mechanism.