CVE-2019-19609 PoC — Strapi Admin面板Install and Uninstall Plugin组件输入验证错误漏洞

Source

https://github.com/glowbase/CVE-2019-19609

Associated Vulnerability

Title:Strapi Admin面板Install and Uninstall Plugin组件输入验证错误漏洞 (CVE-2019-19609)
Description:Strapi是一套开源的无头内容管理系统（CMS）。Install and Uninstall Plugin是其中的一个安装卸载插件。 Strapi中的Admin面板的Install and Uninstall Plugin组件存在远程代码执行漏洞，该漏洞源于程序没有清理插件名。攻击者可借助‘execa’函数利用该漏洞注入并执行任意的shell命令。

Description

Strapi CMS 3.0.0-beta.17.4 - Unauthenticated Remote Code Execution (CVE-2019-18818, CVE-2019-19609)

Readme

# Strapi CMS Exploit
This exploit targets two vulnerabilities in the Strapi CMS Framework version **3.0.0-beta-17.4** allowing for unauthenticated remote code execution (RCE).

<p>&nbsp;</p>

## Vulnerabilities

### CVE-2019-18818
Weak Password Recovery Mechanism for Forgotten Password

**CVSS**: 9.8 - Critical

More details: [https://nvd.nist.gov/vuln/detail/CVE-2019-18818](https://nvd.nist.gov/vuln/detail/CVE-2019-18818)

### CVE-2019-19609
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

**CVSS**: 7.2 - High

More details: [https://nvd.nist.gov/vuln/detail/CVE-2019-19609](https://nvd.nist.gov/vuln/detail/CVE-2019-19609)

<p>&nbsp;</p>

## Usage:
Before running this exploit, start a netcat listener on the `lport` you specify in the below options.

### Start netcat listener
```bash
nc -lnvp <lport>
```

### Run exploit
```bash
exploit.py <rhost> <lhost> <lport>
```

File Snapshot


 [4.0K]  /data/pocs/6f74c0adcaa59e137fefc90b80bac814e3933fe2
├── [2.5K]  exploit.py
├── [1.0K]  LICENSE
└── [ 921]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!