Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-4687 PoC — Mantis 'manage_proj_page.php' PHP代码注入漏洞

Source
https://github.com/nmurilo/CVE-2008-4687-exploit
Associated Vulnerability
Title:Mantis 'manage_proj_page.php' PHP代码注入漏洞 (CVE-2008-4687)
Description:Mantis中的manage_proj_page.php允许远程认证用户借助包含PHP序列的sort参数执行任意代码。这些PHP序列会在core/utility_api.php中的multi_sort函数范围内被create_function处理。
Readme
# CVE-2008-4687-exploit
Quick and dirty python exploit for CVE-2008-4687.

Description by NIST:
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to
execute arbitrary code via a sort parameter containing PHP sequences, which are 
processed by create_function within the multi_sort function in core/utility_api.php.
File Snapshot

 [4.0K]  /data/pocs/7f185db506aebb1d474b6279dd5f042d0e1ede58
├── [2.0K]  CVE-2008-4687-mantis.py
└── [ 343]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.