CVE-2016-4861 PoC — Zend Framework SQL注入漏洞

Source

https://github.com/KosukeShimofuji/CVE-2016-4861

Associated Vulnerability

Title:Zend Framework SQL注入漏洞 (CVE-2016-4861)
Description:Zend Framework（ZF）是美国Zend公司开发的一套开源的PHP5开发框架，它主要用于开发Web程序和服务。 ZF 1.12.20之前的版本中的Zend_Db_Select的order和group方法存在安全漏洞。远程攻击者可利用该漏洞实施SQL注入攻击。

Description

Research CVE-2016-4861

File Snapshot


 [4.0K]  /data/pocs/cafe73ecf23478500c1df3a3617b5fa90e8ad222
└── [4.0K]  ansible
    ├── [ 261]  development
    ├── [4.0K]  group_vars
    │   └── [   4]  all.yml
    ├── [4.0K]  host_vars
    │   ├── [  74]  attacker.test
    │   └── [  99]  scapegoat.test
    ├── [4.0K]  roles
    │   ├── [4.0K]  apache
    │   │   └── [4.0K]  tasks
    │   │       └── [ 514]  main.yml
    │   ├── [4.0K]  common
    │   │   └── [4.0K]  tasks
    │   │       └── [1.2K]  main.yml
    │   ├── [4.0K]  login_user
    │   │   ├── [4.0K]  files
    │   │   │   ├── [1.2K]  _bashrc
    │   │   │   └── [6.1K]  _vimrc
    │   │   └── [4.0K]  tasks
    │   │       └── [1.7K]  main.yml
    │   ├── [4.0K]  mysql
    │   │   ├── [4.0K]  tasks
    │   │   │   └── [ 383]  main.yml
    │   │   ├── [4.0K]  templates
    │   │   │   └── [ 115]  my.cnf
    │   │   └── [4.0K]  vars
    │   │       └── [  32]  main.yml
    │   ├── [4.0K]  php
    │   │   └── [4.0K]  tasks
    │   │       └── [ 254]  main.yml
    │   ├── [4.0K]  python
    │   │   └── [4.0K]  tasks
    │   │       └── [1.2K]  main.yml
    │   └── [4.0K]  zendframework
    │       └── [4.0K]  tasks
    │           └── [ 254]  main.yml
    ├── [ 263]  site.yml
    └── [ 600]  Vagrantfile

21 directories, 17 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!