Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-9841 PoC — PHPUnit 安全漏洞

Source
https://github.com/Chocapikk/CVE-2017-9841
Associated Vulnerability
Title:PHPUnit 安全漏洞 (CVE-2017-9841)
Description:TYPO3是瑞士TYPO3协会维护的一套免费开源的内容管理系统。PHPUnit是其中的一个基于PHP的测试框架。 PHPUnit 4.8.28之前的版本和5.6.3之前的5.x版本中的Util/PHP/eval-stdin.php文件存在安全漏洞。远程攻击者可通过发送以‘<?php’字符串开头的HTTP POST数据利用该漏洞执行任意PHP代码。
Description
PHPUnit RCE
Readme
## **VulnerabilityScanner for PHPUnit RCE**

A specialized vulnerability scanner developed to identify and interactively exploit the Remote Code Execution (RCE) vulnerability in PHPUnit's `eval-stdin.php`. This vulnerability affects PHPUnit versions before 4.8.28 and 5.x before 5.6.3 and allows remote attackers to execute arbitrary PHP code via HTTP POST data.

### **Description of the Vulnerability:**

The `Util/PHP/eval-stdin.php` file in PHPUnit, in versions prior to 4.8.28 and 5.x before 5.6.3, has a vulnerability allowing remote attackers to execute arbitrary PHP code. An attacker can exploit this by sending HTTP POST data starting with a `<?php` substring. This poses a significant threat to sites with an exposed `/vendor` directory, giving external access to the `/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php` URI.

### **Features:**

- Mass scanning sourced from a list of URLs.
- Interactive shell mode for single target exploitation.
- Efficient scanning with multi-threading.
- Neat and color-coded console outputs using `rich`.
- Export feature for vulnerable URLs.

### **Installation:**

Ensure you have the required Python packages installed:

```bash
pip install -r requirements.txt
```

### **Usage:**

- Conduct a mass scan using a list of URLs, and output vulnerable ones:
```bash
python exploit.py -f path_to_file_with_urls.txt -o output_vulnerable_urls.txt
```

- Interact with a specific URL using the shell:
```bash
python exploit.py -u target_url
```

### **Arguments:**

- `-f, --file`: Provide a list of base URLs for scanning from a file.
- `-u, --url`: Enter the target URL for interactive shell mode.
- `-o, --output`: Designate a file to store detected vulnerable URLs.
- `-t, --threads`: Specify the number of threads. Defaults to `10`.

### **Disclaimer:**

This tool is intended solely for educational and defensive purposes. Always obtain proper permissions before scanning or exploiting any system. The developer is not responsible for misuse or any potential damages.
File Snapshot

 [4.0K]  /data/pocs/3275b608f17f938faedf361205222602f22bf8dd
├── [4.7K]  exploit.py
├── [2.0K]  README.md
└── [  92]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.