Switch branches/tags
Nothing to show
Find file History
Latest commit 7db56a4 Nov 17, 2018
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
docker updated payload Nov 17, 2018
CVE-2018-9206.sh cleaned up old cruft/exploit banner Oct 27, 2018
README.md Update README.md Oct 27, 2018
list_of_forks_tested.txt Added testing result files Oct 17, 2018
test_results.txt Added testing result files Oct 17, 2018

README.md

A quick POC for CVE-2018-9206.

This exploit will attempt to find one of the three common variations of the software and upload a simple PHP shell.

alt text

I've done some testing against the 1000 forks of the original code and it seems only 36 were not vulnerable. I found these only required a slight tweak to my exploit to get the majority of them working.

Results are in the file test_results.txt.

Special Thanks to Phackt, @phackt_ul. He refactored the exploit code and added the docker testing environment.

For testing purpose (will create an Apache/PHP docker container with vuln versions of the plugin):
./docker/install.sh

You can examine the docker container with:

root # docker run -it vuln bash