CVE-2019-17221 PoC — PhantomJS Security Vulnerability

Associated Vulnerability
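Title: PhantomJS Security Vulnerability (CVE-2019-17221)
Description: PhantomJS is a headless browser for automating web page interaction. A security vulnerability exists in the 'page.open()' function of the webpage module in PhantomJS 2.1.1 and earlier. An attacker can exploit it with a specially crafted HTML file to read arbitrary files on the filesystem.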
Description
PhantomJS uses an internal module, webpage, to open, close, render, and perform multiple actions on web pages. This module suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When PhantomJS opens an HTML file, an attacker can supply specially crafted file content that allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as the callback, which generates a PDF or an image of the targeted file.
File Snapshot

[4.0K] /data/pocs/69aa3f4326a606841a358bbc7115e5bf5b03e196
└── [633K] PhantonJS_Arbitrary_File_Read.pdf

0 directories, 1 file