CVE-2009-4137 PoC — Piwik “loadContentFromCookie” 输入验证错误漏洞

Source

https://github.com/Alexeyan/CVE-2009-4137

Associated Vulnerability

Title:Piwik “loadContentFromCookie” 输入验证错误漏洞 (CVE-2009-4137)
Description:Piwik是一个开放源代码的Web统计软件。 Piwik的core/Cookie.php的loadContentFromCookie函数在调用unserialize函数之前不能确认从cookie中获得的字符串的合法性，远程攻击者可以借助与 Piwik_Config class中的__destruct函数; php://filter URIs;Zend Framework中的__destruct函数,例如Zend_Log destructor;Zend Framework中的shutdown函数,例如Zen

Description

Exploit for piwik CVE-2009-4140 RCE

File Snapshot


 [4.0K]  /data/pocs/996eea825115971f8e822b9533b522618fc2ab7e
└── [1.8K]  exploit.php

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!