CVE-2014-8731-PoC - PHPMemcachedAdmin Remote Code Execution

A proof of concept tool to test your own system if they are vulnerable to CVE-2014-8731

Blog Post

PHPMemcachedAdmin Remote Code Execution - CVE-2014-8731 PoC

Run test

Start victim server:

docker run -p8081:80 --rm --name phpma -it alphayax/phpmemcachedadmin

Attack victim with PoC:

git clone https://github.com/sbani/CVE-2014-8731-PoC.git
cd CVE-2014-8731-PoC
python attack.py http://localhost:8081 id

CVE details

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot.

References:

https://nvd.nist.gov/vuln/detail/CVE-2014-8731

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md
attack.py		attack.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

attack.py

attack.py

Repository files navigation

CVE-2014-8731-PoC - PHPMemcachedAdmin Remote Code Execution

Blog Post

Run test

CVE details

About

Releases

Packages

Languages

sbani/CVE-2014-8731-PoC

Folders and files

Latest commit

History

README.md

README.md

attack.py

attack.py

Repository files navigation

CVE-2014-8731-PoC - PHPMemcachedAdmin Remote Code Execution

Blog Post

Run test

CVE details

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages