CVE-2020-13756 PoC — Sabberworm PHP CSS Parser 输入验证错误漏洞

Source

https://github.com/KrE80r/CVE-2020-13756-env

Associated Vulnerability

Title:Sabberworm PHP CSS Parser 输入验证错误漏洞 (CVE-2020-13756)
Description:PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHPGroup和开放源代码社区的共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。 Sabberworm PHP CSS Parser 8.3.1之前版本中存在输入验证错误漏洞。远程攻击者可借助‘allSelectors’或‘getSelectorsBySpecificity’函数利用该漏洞在系统上执行任意代码。

Description

Vulnerable test environment for CVE-2020-13756 (Sabberworm PHP CSS Parser RCE)

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!