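Related vulnerability
Title:
PHPUnit Security Vulnerability
(CVE-2017-9841)
Description: TYPO3 is a free, open-source content management system maintained by the Swiss TYPO3 Association. PHPUnit is a PHP-based testing framework included in it. The Util/PHP/eval-stdin.php file in PHPUnit versions before 4.8.28 and 5.x versions before 5.6.3 has a security vulnerability. A remote attacker can exploit it to execute arbitrary PHP code by sending HTTP POST data that begins with the string '<?php'.
Description
PHPUnit RCE
Introduction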
## **VulnerabilityScanner for PHPUnit RCE**
A specialized vulnerability scanner developed to identify and interactively exploit the Remote Code Execution (RCE) vulnerability in PHPUnit's `eval-stdin.php`. This vulnerability affects PHPUnit versions before 4.8.28 and 5.x before 5.6.3 and allows remote attackers to execute arbitrary PHP code via HTTP POST data.
### **Description of the Vulnerability:**
The `Util/PHP/eval-stdin.php` file in PHPUnit, in versions prior to 4.8.28 and 5.x before 5.6.3, has a vulnerability allowing remote attackers to execute arbitrary PHP code. An attacker can exploit this by sending HTTP POST data starting with a `<?php` substring. This poses a significant threat to sites with an exposed `/vendor` directory, giving external access to the `/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php` URI.
### **Features:**
- Mass scanning sourced from a list of URLs.
- Interactive shell mode for single target exploitation.
- Efficient scanning with multi-threading.
- Neat and color-coded console outputs using `rich`.
- Export feature for vulnerable URLs.
### **Installation:**
Ensure you have the required Python packages installed:
```bash
pip install -r requirements.txt
```
### **Usage:**
- Conduct a mass scan using a list of URLs, and output vulnerable ones:
```bash
python exploit.py -f path_to_file_with_urls.txt -o output_vulnerable_urls.txt
```
- Interact with a specific URL using the shell:
```bash
python exploit.py -u target_url
```
### **Arguments:**
- `-f, --file`: Provide a list of base URLs for scanning from a file.
- `-u, --url`: Enter the target URL for interactive shell mode.
- `-o, --output`: Designate a file to store detected vulnerable URLs.
- `-t, --threads`: Specify the number of threads. Defaults to `10`.
### **Disclaimer:**
This tool is intended solely for educational and defensive purposes. Always obtain proper permissions before scanning or exploiting any system. The developer is not responsible for misuse or any potential damages.
File snapshot
[4.0K] /data/pocs/3275b608f17f938faedf361205222602f22bf8dd
├── [4.7K] exploit.py
├── [2.0K] README.md
└── [ 92] requirements.txt
0 directories, 3 files