CVE-2017-18044 PoC — Commvault 命令注入漏洞

Source

https://github.com/securifera/CVE-2017-18044-Exploit

Associated Vulnerability

Title:Commvault 命令注入漏洞 (CVE-2017-18044)
Description:Commvault是美国Commvault公司的一套基于Simpana（一体化软件平台）为终端用户提供数据自动保护和即时访问等功能的软件。 Commvault 11 SP6之前版本中的ContentStore/Base/CVDataPipe.dll文件存在命令注入漏洞，该漏洞源于在将进入的字符串传递到CreateProcess之前，Commvault服务中的消息解析函数没有正确的验证输入。攻击者可借助特制的消息利用该漏洞在目标操作系统上注入并执行命令。

Description

Commvault-CVE-2017-18044

File Snapshot


 [4.0K]  /data/pocs/413dd3c0abf39a8ffe23b8a0b322d4c8fafa6f69
├── [4.0K]  comvlt
│   ├── [4.0K]  src
│   │   └── [4.6K]  main.cpp
│   └── [4.0K]  vs2012
│       ├── [4.0K]  comvlt.vcxproj
│       └── [ 939]  comvlt.vcxproj.filters
├── [ 872]  comvlt.sln
└── [ 475]  README.MD

3 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!