CVE-2021-33026
A vulnerability was found in Flask-Caching Extension up to 1.10.1 on Flask. It has been classified as problematic. Affected is an unknown part of the component Pickle. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is classifying the issue as CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. This is going to have an impact on confidentiality, integrity, and availability.
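The description names Pickle as the affected component. As an added example (not code from these notes, the exploit repository, or Flask-Caching), the sketch below shows one mitigation: authenticating cache entries with an HMAC so that bytes altered in the cache backend are rejected before `pickle.loads` runs. It assumes cached values are stored as pickled bytes in an external backend such as memcached; the names `dumps_signed`, `loads_signed`, `is_rejected` and `TamperedCacheEntry` are hypothetical.

```python
import hashlib
import hmac
import pickle

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class TamperedCacheEntry(Exception):
    """Raised when a cache value fails authentication."""


def dumps_signed(value, key: bytes) -> bytes:
    """Pickle `value` and prepend an HMAC-SHA256 tag over the pickled bytes."""
    body = pickle.dumps(value, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return tag + body


def loads_signed(blob: bytes, key: bytes):
    """Verify the tag first; only authenticated bytes ever reach pickle.loads."""
    if len(blob) <= TAG_LEN:
        raise TamperedCacheEntry("entry too short to carry a tag")
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise TamperedCacheEntry("HMAC mismatch, refusing to unpickle")
    return pickle.loads(body)


def is_rejected(blob: bytes, key: bytes) -> bool:
    """True if the entry fails authentication and is never deserialized."""
    try:
        loads_signed(blob, key)
    except TamperedCacheEntry:
        return True
    return False


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample; load a real key from config
    stored = dumps_signed({"user": "alice", "views": 3}, key)
    print(loads_signed(stored, key))
    # Constructed case: entry rewritten in the backend by a party without the key.
    replaced = b"\x00" * TAG_LEN + pickle.dumps("replaced value")
    print(is_rejected(replaced, key))
```

The signing key has to live outside the cache backend (application configuration or a secret store); otherwise write access to the cache also yields the ability to produce valid tags.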
Exploit
Found an exploit online
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/shifty]
└─$ git clone https://github.com/CarlosG13/CVE-2021-33026 ; python3 -m venv CVE-2021-33026/.venv ; source CVE-2021-33026/.venv/bin/activate
Cloning into 'CVE-2021-33026'...
remote: Enumerating objects: 13, done.
remote: Counting objects: 100% (13/13), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 13 (delta 3), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (13/13), 5.12 KiB | 5.12 MiB/s, done.
Resolving deltas: 100% (3/3), done.
┌──(.venv)─(kali㉿kali)-[~/PEN-200/PG_PRACTICE/shifty]
└─$ pip3 install pymemcache requests pyfiglet pickle
Downloaded to Kali