CVE-2017-9841 PoC — PHPUnit 安全漏洞

Source

https://github.com/mileticluka1/eval-stdin

Associated Vulnerability

Title:PHPUnit 安全漏洞 (CVE-2017-9841)
Description:TYPO3是瑞士TYPO3协会维护的一套免费开源的内容管理系统。PHPUnit是其中的一个基于PHP的测试框架。 PHPUnit 4.8.28之前的版本和5.6.3之前的5.x版本中的Util/PHP/eval-stdin.php文件存在安全漏洞。远程攻击者可通过发送以‘<?php’字符串开头的HTTP POST数据利用该漏洞执行任意PHP代码。

Description

Automated Exploit for CVE-2017-9841 (eval-stdin.php vulnerable file)

Readme

Util PHP eval-stdin.php (CVE-2017-9841) vulnerability is RCE vulnerability in outdated eval-stdin.php.
This exploit is just automation for mentioned vulnerability and is still in development.

Scripted in Ruby 3.0.4 (within 2 hours), tested on Kali linux, Arch Linux, Ubuntu minimal and Termux.

How to run it?

`ruby evil-eval.rb`

Inside of it, when you type `help` you can see what commands are available such as `revshell`, `checkconnection`, `privesc` which are very, very useful.

When you exit it, you shouldn't do CTRL+C (^C), you can do it by just typing `exit`

DISCLAIMER:

For any misuse or illegal action with this exploit I am totally not responsible.

`Keep calm an 'door the planet`

File Snapshot


 [4.0K]  /data/pocs/b1765681eb2121df5896d133a0fc5b13e8460f39
├── [3.1K]  evil-eval.rb
└── [ 699]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!