Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-12272 PoC — OpenWrt LuCI 命令操作系统命令注入漏洞

Source
https://github.com/HACHp1/LuCI_RCE_exp
Associated Vulnerability
Title:OpenWrt LuCI 命令操作系统命令注入漏洞 (CVE-2019-12272)
Description:OpenWrt LuCI是一款用于OpenWrt(Linux发行版)的图形化配置界面。 OpenWrt LuCI 0.10及之前版本中的admin/status/realtime/bandwidth_status和admin/status/realtime/wireless_status端点存在命令操作系统命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。
Description
Exp of cve-2019-12272
File Snapshot

 [4.0K]  /data/pocs/b621d5ee5aec15f32aa24e8ae18fc3e34d451878
├── [1.4K]  cve-2019-12272_bandwidth_status.py
├── [1.4K]  cve-2019-12272_wireless_status.py
└── [ 382]  readme.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.