Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-35131 PoC — Cockpit 代码注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-35131.yaml
Associated Vulnerability
Title:Cockpit 代码注入漏洞 (CVE-2020-35131)
Description:Cockpit是一个交互式服务器管理界面。 Cockpit before 0.6.1 存在安全漏洞,该漏洞允许攻击者注入自定义PHP代码,并实现远程命令执行。
Description
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
File Snapshot

 id: CVE-2020-35131

info:
  name: Cockpit CMS 0.6.1 - Remote Code Execution
  author: DhiyaneshDK
  

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.