CVE-2018-19422 PoC — Subrion CMS 安全漏洞

Source

https://github.com/hev0x/CVE-2018-19422-SubrionCMS-RCE

Associated Vulnerability

Title:Subrion CMS 安全漏洞 (CVE-2018-19422)
Description:Subrion CMS是Subrion团队开发的一套基于PHP的内容管理系统（CMS）。该系统可被集成到网站，并支持多种扩展插件等。 Subrion CMS 4.2.1版本中的/panel/uploads存在安全漏洞，该漏洞源于.htaccess文件没有禁止对pht和phar文件的执行操作。远程攻击者可借助.pht或.phar文件利用该漏洞执行任意的PHP代码。

Description

CVE-2018-19422 Authenticated Remote Code Execution

Readme

# CVE-2018-19422-SubrionCMS-RCE

SubrionCMS 4.2.1 Authenticated Remote Code Execution

- /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. 

### Exploit Usage

#### Commands:
- Windows/Linux:
`$ sudo python3 subrionRCE.py -u http://IP/panel/ -l <user> -p <password>  `

![](https://github.com/hevox/CVE-2018-19422-SubrionCMS-RCE/blob/main/imgs/SubrionPOC.png)

- References:

  https://www.exploit-db.com/exploits/49876
  
  https://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html
  
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19422

File Snapshot


 [4.0K]  /data/pocs/d971b0e7fb90143c707a60c06bd0b300e47ea99e
├── [4.0K]  imgs
│   ├── [   1]  a
│   └── [ 62K]  SubrionPOC.png
├── [ 679]  README.md
└── [5.7K]  SubrionRCE.py

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!