CVE-2017-11366 PoC — Codiad 安全漏洞

Source

https://github.com/hidog123/Codiad-CVE-2018-14009

Associated Vulnerability

Title:Codiad 安全漏洞 (CVE-2017-11366)
Description:Codiad是美国软件开发者Kent Safranski所研发的一套基于Web的IDE框架，它包含有项目/文件管理器和代码编辑器，主要用于在线编写和编辑代码。 Codiad 2.8.4之前的版本中的components/filemanager/class.filemanager.php文件存在远程代码执行漏洞。远程攻击者可利用该漏洞执行命令。

Description

Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689

Readme

1. install codiad  


 @  git clone https://github.com/Codiad/Codiad.git
 


Steps to reproduction
    1. Setup a vulnerable environment on ubuntu server with Codiad 2.8.4 (latest version)
   
      @  chmod o+w config.php
      @  chmod o+w workspace
      @  chmod o+w plugins
      @  chmod o+w themes
      @  chmod o+w data
      
    2.
    @  git clone https://github.com/hidog123/Codiad-CVE-2018-14009.gi
    
    3. Launch the exploit and then get a reverse shell

File Snapshot


 [4.0K]  /data/pocs/7f97d355f1ba3d77a32beea048e90b656df8035d
├── [5.8K]  exploit.py
└── [ 478]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!