CVE-2020-5248 PoC — Teclib GLPI 信任管理问题漏洞

Source

https://github.com/Mkway/CVE-2020-5248

Associated Vulnerability

Title:Teclib GLPI 信任管理问题漏洞 (CVE-2020-5248)
Description:Teclib GLPI是法国Teclib公司的一套开源的IT资产管理套件。该套件包含设备状态管理、资产清单存储、管理流程和工作日志管理等功能。 Teclib GLPI 9.4.6之前版本中存在信任管理问题漏洞。该漏洞源于网络系统或产品中缺乏有效的信任管理机制。攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。

Description

CVE-2020-5248

Readme

# CVE-2020-5248 POC 환경 구성 및 테스트 입니다. 

# 테스트 방법

- 환경 구성 

```
vim docker/nginx/default.conf
server_name [docker host ip ];  -change
mysqlserver: mysql  id: root pw: root 
```
- 실행 

```
cd docker/app/
tar -xvf /docker/app/glpi-9.4.5.tgz
chmod -R 777 glpi
docker-compose up -d 
```

glpi 접속 http://localhost:8080/glpi

- POC 테스트  
poc : https://github.com/indevi0us/CVE-2020-5248    
테스트 : https://offsec.almond.consulting/multiple-vulnerabilities-in-glpi.html     
암호문 획득 - http://localhost:8080/glpi 
```
docker/poc/decrypt_any.php
vim decrpyt_any.php - change - decrypt ("decrytion")
http://localhost:8080/poc/decrypt_any.php 
```

---- 
# 주의 
설치 실패시 한번 glpi를 삭제후 다시 tar 작업을 진행하십시오

File Snapshot


 [4.0K]  /data/pocs/c4ebf64d12c2631b7dfa78b85718fe23274c2b32
├── [4.0K]  docker
│   ├── [4.0K]  app
│   │   ├── [ 395]  docker-compose.yml
│   │   ├── [ 33M]  glpi-9.4.5.tgz
│   │   ├── [  17]  index.php
│   │   └── [4.0K]  poc
│   │       └── [ 392]  decrypt_any.php
│   ├── [4.0K]  nginx
│   │   ├── [ 483]  default.conf
│   │   └── [  76]  Dockerfile
│   └── [4.0K]  php
│       ├── [ 338]  Dockerfile
│       └── [4.0K]  docker-php-extension-installer
└── [ 803]  README.md

6 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!