CVE-2018-19518 PoC — University of Washington IMAP Toolkit 2007f 参数注入漏洞

Source

https://github.com/houqe/EXP_CVE-2018-19518

Associated Vulnerability

Title:University of Washington IMAP Toolkit 2007f 参数注入漏洞 (CVE-2018-19518)
Description:University of Washington IMAP Toolkit 2007f是美国华盛顿大学（University Of Washington）的一款IMAP（Internet消息访问协议）工具包。 University of Washington IMAP Toolkit 2007f 基于UNIX平台中的imap_open()函数存在参数注入漏洞，该漏洞源于程序没有正确的验证server URI。远程攻击者可借助imap_rimap和tcp_aopen函数利用该漏洞执行任意的操作系统命令。以下

Readme

# CVE-2018-19518

## 免责声明

**本程序应仅用于授权的安全测试与研究目的，请使用者遵照网络安全法合理使用。**

**使用者使用该工具出现任何非法攻击等违法行为，与作者无关。**

## 使用

``` python
python CVE-2018-19518.py 目标ip 目标port shell-ip shell-port
```

![](README.assets/test.png)

File Snapshot


 [4.0K]  /data/pocs/d09af5ebe87d0104eeec977a95a697d0398ad4b7
├── [1.8K]  CVE-2018-19518.py
├── [4.0K]  README.assets
│   └── [105K]  test.png
└── [ 359]  README.md

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!