PR
Create CVE-2021-30116.yaml #12758
projectdiscovery/nuclei-templates#12795

Template / PR Information

Adds a new HTTP template for CVE-2021-30116 under http/cves/2021.

This template detects unauthenticated credential disclosure via /dl.asp?load=KaseyaD.ini and extracts AdminPwd and SessionCookie.

No version-based checks.

Template Validation

I’ve validated this template locally?

YES [X] NO [ ]

/claim #12758

Template path: http/cves/2021/CVE-2021-30116.yaml

Proof-of-Concept artifacts (attached below):

Debug data (attached below):

  • debug.log (scan against the vulnerable POC) debug.log
  • clean.log (scan against a clean environment) clean.log

Note on HTTP protocol:
This CVE can only be exploited via HTTP GET on /dl.asp?load=KaseyaD.ini.
Per the FAQ, HTTP-only templates are blocked by default but allowed here as a critical exception, since no other protocol applies.

Additional References: Nuclei Template Creation Guideline Nuclei Template Matcher Guideline Nuclei Template Contribution Guideline PD-Community Discord server

Claim

Total prize pool $50
Total paid $0
Status Pending
Submitted August 05, 2025
Last updated August 05, 2025

Contributors

GU

guiknx

@guiknx

 100%

Sponsors

PR

ProjectDiscovery

@projectdiscovery

$50