CVE-2019-11881 PoC — Rancher Labs Rancher 输入验证错误漏洞

Source

https://github.com/MauroEldritch/VanCleef

Associated Vulnerability

Title:Rancher Labs Rancher 输入验证错误漏洞 (CVE-2019-11881)
Description:Rancher Labs Rancher是美国Rancher Labs公司的一套开源的企业级容器管理平台。 Rancher Labs Rancher 2.1.4版本中的登录组件存在安全漏洞。攻击者可利用该漏洞诱使用户访问钓鱼网站。

Description

Exploit for CVE-2019-11881 (Rancher 2.1.4 Web Parameter Tampering)

Readme

VanCleef
======

Rancher 2.1.4 Web Parameter Tampering (CVE-2019-11881)

```
./vancleef.rb rancher_ip rancher_port message_to_display (double-quoted)

#Example: ./vancleef.rb 192.168.0.1 8080 "Rancher is outdated. Please update following the instructions at http://192.168.0.25/rancher-updating"
```
[MITRE CVE Announcement](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11881)

File Snapshot


 [4.0K]  /data/pocs/2c0214f043e7b6e994ef3bf523a27219243c6ae4
├── [ 389]  README.md
└── [ 728]  vancleef.rb

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!