Sonatype Nexus 3.21.1
This application is vulnerable to Remote Code Execution with valid credentials.
The catch is that valid credentials are required. We have to try different default credentials, even nexus:nexus, or look for credentials exposed in an SMB share or on an FTP server.
The exploit requires you to send a cmd command, which I changed so that the target computer fetches one of my files. Afterwards we get a reverse shell.