CVE-2015-6967 PoC — Nibbleblog 代码注入漏洞

Source

https://github.com/3mpir3Albert/HTB_Nibbles

Associated Vulnerability

Title:Nibbleblog 代码注入漏洞 (CVE-2015-6967)
Description:NibbleBlog是一套博客引擎。 Nibbleblog 4.0.5之前版本的My Image插件中存在任意文件上传漏洞。远程攻击者可通过上传可执行文件，并发送直接的请求访问该文件利用该漏洞执行任意代码。

Description

In this repository you will find the technical report of Nibbles, the exploit to abuse the CVE-2015-6967 and an autopwn tool in case you want to resolve the machine in HackTheBox

Readme

# HTB_Nibbles
In this repository you will find the technical report of Nibbles, the exploit (pwned.py) to abuse the CVE-2015-6967 and an autopwn tool (autopwn.py) in case you want to resolve the machine in HackTheBox.
- Pwned.py tool: This file will help you to exploit CVE-2015-6967. If you want to run this exploit you will need to satisfy 3 requirements:
  - You will need to create a PHP file with a command to execute in the Nibbleblog server. For example:
      \<?php
        system("whoami");
      ?\>
  - In case you want to execute a reverse shell you will need to be listening in the same port as you specified in the PHP file.
  - Run the tool correctly: python3 pwned.py <base_url_nibbleblog> <nibbleblog_admin_user> <nibbleblog_admin_password>

- Autopwn.py: This file will give you root permissions of the Nibbles machine when you run it. It must meet the same 3 requirements as the previous tool.

File Snapshot


 [4.0K]  /data/pocs/8ded511f8ae98f7978079a9258ed65cdc190458c
├── [3.1K]  autopwn.py
├── [2.4M]  Informe Tecnico.pdf
├── [2.2K]  pwned.py
└── [ 914]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!