来源

关联漏洞

描述

POC for CVE-2018-8097 This script exploits CVE-2018-8097 and can retrieve files and contents using a blind RCE method.

介绍

## CVE-2018-8097
POC for CVE-2018-8097 This script exploits CVE-2018-8097 and can retrieve files and contents using a time based blind RCE method.


## Usage
```bash
python cve-2018-8097.py [-h] -u URL -c COMMAND -t TIME -id OBJECTID -d FILEPATH
options:
  -h, --help            show this help message and exit
  -u, --url URL         Target base URL (e.g., http://127.0.0.1:5000)
  -d, --dir DIR         Path to the file on the target system (e.g., /etc/passwd)
  -id, --objectid OBJECTID
                        MongoDB ObjectId value for the injection
  -t, --time TIME       Delay in seconds for time-based check (default: 3)
  -v, --verbose         Enable verbose output (shows found characters)
  -m, --max-length MAX_LENGTH
                        Maximum file length to read (default: 100)
```


## Resources
https://www.cvedetails.com/cve/CVE-2018-8097/ <br>
pyeve/eve#1101 <br>
https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98 <br>
https://github.com/SilentVoid13/CVE-2018-8097


## Disclaimer
This proof-of-concept (PoC) script is intended solely for educational and research purposes. It is provided without any warranty, express or implied.
By using this script, you agree that:
You will not use it for unauthorized or malicious purposes.
You understand that exploiting vulnerabilities may have legal consequences depending on your jurisdiction.
The authors and contributors of this repository are not responsible for any misuse or damages resulting from its use.
If you are a security researcher, ethical hacker, or developer, ensure you have proper authorization before testing or using this script on any system.

文件快照

 [4.0K]  /data/pocs/13d75a39c25613cf5f490b96c6e8e216cf37dc81
├── [3.6K]  cve-2018-8097.py
└── [1.6K]  README.md

0 directories, 2 files

备注