CVE-2019-11447 PoC — 编号重复

Source

https://github.com/substing/CVE-2019-11447_reverse_shell_upload

Associated Vulnerability

Title:编号重复 (CVE-2019-11447)
Description:CutePHP CuteNews是一套新闻管理系统。该系统具有搜索、文件上传管理、访问控制、备份和恢复等功能。 “废弃”请勿使用此编号。原因：此编号与CNNVD-201110-126编号重复，所有使用CNNVD编号的用户请参考CNNVD-201110-126编号。为防止意外使用，此编号中的所有信息已删除。

Readme

# CVE-2019-11447 CuteNews 2.1.2 Reverse Shell Upload

A slightly modified version of the [Mt-Code POC](https://github.com/mt-code/CVE-2019-11447) which spawns a full reverse shell rather than a web shell.

This exploit uses the famous [PentestMonkey PHP Reverse Shell](https://github.com/pentestmonkey/php-reverse-shell).

### Install

`pip install -r requirements.txt`

### Example use:

* Create a user on the application
* Run the following
`python exploit.py http://{target}/index.php {myuser} {mypassword}`
* Open a listener and navigate to the path listed by the exploit.

![](example.png)


Disclaimer: I do not take credit for the creation of either of these scripts. 


**Follow the law.**

File Snapshot


 [4.0K]  /data/pocs/b2c01b20ae4d3401d9a4ecc1e5e123523d0af5ad
├── [ 93K]  example.png
├── [3.4K]  exploit.py
├── [ 699]  README.md
├── [  79]  requirements.txt
└── [2.5K]  revshell.php

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!