
CVE-2020-15227 PoC — Nette Code Injection Vulnerability

Associated Vulnerability
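Title: Nette Code Injection Vulnerability (CVE-2020-15227)
Description: Nette is a component-based, event-driven PHP framework maintained by an individual developer. Nette has a code injection vulnerability that stems from the network system or product failing to properly filter special elements while constructing code segments from external input data. An attacker can exploit this vulnerability to generate illegitimate code segments and alter the intended execution control flow of the network system or component. The following products and versions are affected: version 2.0.19, version 2.1.13, version 2.2.10, version 2.3.14, version 2.4.16, version 3.0.6.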
Description
CVE-2020-15227 checker
Readme
# CVE-2020-15227

DISCLAIMER! I take no responsibility for its use in a live, in-the-wild environment, so please do NOT do it. This tool is just for demonstration and for sysadmins to test things.

---

This tool tests for [vulnerability](https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94) in [nette/application](https://github.com/nette/application).

# How to fix the vulnerability

## Composer

Update the dependency to the latest version.

* ``nette/application >=3.0.6``
* ``nette/application >=2.4.16``
* ``nette/application >=2.3.14``
* ``nette/application >=2.2.10``
* ``nette/nette >= 2.1.13``
* ``nette/nette >= 2.0.19``

Add [``roave/security-advisories``](https://github.com/Roave/SecurityAdvisories) to the project as a new dependency.
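
An added example (not part of the original README or the checker's code): a Python 3 script that reads a `composer.lock` and compares the locked `nette/application` and `nette/nette` versions against the patched releases listed above. It assumes each listed version is the minimum patched release of its minor branch and that a branch newer than all listed ones already contains the fix; `SAMPLE_LOCK` is constructed input.

```python
import json
import re

# Minimum patched patch-level per minor branch, taken from the list above.
PATCHED = {
    "nette/application": {(2, 2): 10, (2, 3): 14, (2, 4): 16, (3, 0): 6},
    "nette/nette": {(2, 0): 19, (2, 1): 13},
}


def classify(package, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one locked version."""
    branches = PATCHED.get(package)
    match = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if branches is None or match is None:
        # Not a listed package, or a dev alias such as "dev-master".
        return "unknown"
    major, minor, patch = map(int, match.groups())
    if (major, minor) in branches:
        return "patched" if patch >= branches[(major, minor)] else "vulnerable"
    # Assumption (not stated on the page): a branch newer than every listed
    # one ships the fix; an older or unlisted branch cannot be judged here.
    return "patched" if (major, minor) > max(branches) else "unknown"


def audit_lock(lock_text):
    """Map each listed Nette package in a composer.lock to (version, status)."""
    lock = json.loads(lock_text)
    found = {}
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        name, version = pkg.get("name"), pkg.get("version", "")
        if name in PATCHED:
            found[name] = (version, classify(name, version))
    return found


# Constructed sample, shaped like the relevant part of a composer.lock.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "nette/application", "version": "v2.4.15"},
        {"name": "nette/utils", "version": "v2.5.7"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, (version, status) in audit_lock(SAMPLE_LOCK).items():
        print(f"{name} {version}: {status}")
```

To audit a real project, pass the contents of its `composer.lock` to `audit_lock()` instead of `SAMPLE_LOCK`.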

## Third-party patch tools

* [PHP tool by @dg](https://gist.github.com/dg/be0f26b31be15a2f1b1208a1714bf415)
* [Bash tool by @spaze](https://gist.github.com/spaze/fb6d8cdc296e0314b50f8b484bcd1385)

# Description

**List of tested vulnerabilities:**

- file_put_contents
- Nette\\Utils\\FileSystem::write
- shell_exec

# Requirements

* Python 3.x

# Usage

```bash
git clone https://github.com/filipsedivy/CVE-2020-15227
cd CVE-2020-15227
python main.py https://example.com
```

OR

```bash
wget https://github.com/filipsedivy/CVE-2020-15227/archive/master.zip
unzip master.zip
cd CVE-2020-15227-master
python main.py https://example.com
```

[![asciicast](https://asciinema.org/a/373111.svg)](https://asciinema.org/a/373111)

# API

## Example

```python
from CVE_2020_1522 import CVE_2020_15227

# Disable verbose
cve = CVE_2020_15227(verbose=False)

# run() returns True (vulnerable) or False
result = cve.run("https://example.com")

if result is True:
    print('Fuck! Confirmed vulnerability! :-( Need update composer')
else:
    print('Good night! Everything is okay. :)')

```

# Related links
* [cve.mitre.org - CVE-2020-15227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15227)
* [blog.nette.org - CVE-2020–15227: Potential Remote Code Execution Vulnerability](https://blog.nette.org/en/cve-2020-15227-potential-remote-code-execution-vulnerability)
* [michalspacek.com - Don't let security bugs catch you off guard](https://www.michalspacek.com/dont-let-security-bugs-catch-you-off-guard)
* [blog.nette.org - CVE-2020–15227: Chyba potenciálně umožňující vzdálené spuštění kódu](https://blog.nette.org/cs/cve-2020-15227-chyba-potencialne-umoznujici-vzdalene-spusteni-kodu)
* [michalspacek.com - Ať vás bezpečnostní chyby nenachytají na švestkách](https://www.michalspacek.cz/at-vas-bezpecnostni-chyby-nenachytaji-na-svestkach)
* [phpfashion.com - Objevena první zranitelnost v Nette, aktualizujte!](https://phpfashion.com/objevena-prvni-zranitelnost-v-nette-aktualizujte)
File Snapshot

[4.0K] /data/pocs/77c159c40c3c14dc4563d64322fa87e9cca3d5a5
├── [5.8K] CVE_2020_1522.py
├── [ 414] main.py
└── [2.7K] README.md

0 directories, 3 files