## https://sploitus.com/exploit?id=5ADD851A-6D91-54B6-8986-62346355A89F
# SiteCore-RCE-Detection
For detection of sitecore RCE - CVE-2021-42237
Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237
Relies on sitecore version detection and response when a request is made to vulnerale Report.ashx via Get and Post.
The script takes a file containing list of urls in format www.url.com on each line.
Usage :
python3 check-for-sitecore-rce.py -h
python3 check-for-sitecore-rce.py -u urls.txt
May result in false positives if the web application handles ther error differently. Recommended to check pages with 200 responses.
PoCs


Reference : https://blog.assetnote.io/2021/11/02/sitecore-rce/ , https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776