## https://sploitus.com/exploit?id=F7DCCBCC-40F6-5BAD-8DE7-47681DD28069
# CVE-2021-37580
## 0x00 Vulnerability Details
**Vulnerability analysis:** [Apache ShenYu Admin bypass JWT authentication CVE-2021-37580](https://articles.zsxq.com/id_crk7w2w1wjwa.html)
## 0x01 Single URL
```bash
Usage: python3 CVE-2021-37580.py -u URL -n username.txt
```
`shenyu-admin-2.4.0` is a vulnerable version.

`shenyu-admin-2.4.1` is a non-vulnerable version.

## 0x02 Batch URL Detection
```bash
Usage: python3 CVE-2021-37580.py -f URL.txt -n username.txt
```

## 0x03 Script Errors
If the script encounters errors during execution:
```
AttributeError: module 'jwt' has no attribute 'encode'
```
Run the following commands, which remove the conflicting `jwt` and `pyjwt` packages and then install `pyjwt` 1.5.3:
```bash
python3 -m pip uninstall jwt
python3 -m pip uninstall pyjwt
python3 -m pip install pyjwt==1.5.3 --user
```
## 0x04 Disclaimer
This tool is intended only for legitimate enterprise security construction activities. If you need to test the availability of this tool, please set up a test environment yourself. When using this tool for detection, ensure that your actions comply with local laws and regulations, and that you have obtained sufficient authorization. Do not scan unauthorized targets. If you engage in any illegal activities while using this tool, you will bear the consequences yourself. We will not assume any legal or joint liability. Before installing and using this tool, please read and fully understand all terms and conditions carefully. Terms such as limitations, disclaimers, or other provisions related to your significant rights may be highlighted or underlined for your attention. Unless you have thoroughly read, fully understood, and accepted all terms of this agreement, do not install or use this tool. Your use of this tool, or any indication of acceptance of this agreement by you, constitutes your acceptance of these terms.