CVE-2020-28948 PoC — Pear Archive_Tar 代码问题漏洞

Source

https://github.com/0x240x23elu/CVE-2020-28948-and-CVE-2020-28949

Associated Vulnerability

Title:Pear Archive_Tar 代码问题漏洞 (CVE-2020-28948)
Description:Pear Archive_Tar是Pear（PEAR）团队的一个基于Php的可以对tar包进行创建、提取等操作的软件。 Archive_Tar 1.4.10版本及之前版本存在安全漏洞，该漏洞允许反序列化攻击，因为phar:被阻塞而phar:没有被阻塞。

Readme

# CVE-2020-28948-and-CVE-2020-28949

https://github.com/pear/Archive_Tar/issues/33

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948

for more learn https://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-Its-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf

File Snapshot


 [4.0K]  /data/pocs/1799074511d538bccad2d7318a10cd675e508cc3
├── [ 18K]  exploit.zip
└── [ 287]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!