CVE-2019-25024 PoC — Aaron Crawford OpenRepeater OS Command Injection Vulnerability

Source
Associated Vulnerability
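Title: Aaron Crawford OpenRepeater OS Command Injection Vulnerability (CVE-2019-25024)
Description: Aaron Crawford OpenRepeater is an application developed by Aaron Crawford, an individual developer in the United States. It provides a home for updating and sharing code. OpenRepeater contains an OS command injection vulnerability. The vulnerability stems from allowing shell metacharacters to be injected into the post_service parameter of functions/ajax_system.php. An attacker can exploit this vulnerability to execute unauthorized commands. Affected products and versions: OpenRepeater versions before 2.2.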
Description
Full exploit code for CVE-2019-25024, an unauthenticated command injection flaw in OpenRepeater.
Readme
## [CVE-2019-25024] OpenRepeater (ORP) / Unauthenticated Command Injection

### Advisories:
* MITRE CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25024
* US NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-25024
* Tenable: https://www.tenable.com/cve/CVE-2019-25024
* VulDB: https://vuldb.com/?id.170172
* Ubuntu: https://ubuntu.com/security/CVE-2019-25024
* Debian: https://security-tracker.debian.org/tracker/CVE-2019-25024
* Launchpad: https://launchpad.net/bugs/cve/CVE-2019-25024

### Usage:

```sh
$ python exploit.py
Usage: exploit.py <scheme>://<address> <command>
```
File Snapshot

[4.0K] /data/pocs/6480414aa044b3aaf491796c38a1afe34805a629
├── [ 736] exploit.py
└── [ 591] README.md

0 directories, 2 files