CVE-2015-1592 PoC — Six Apart Movable Type 代码注入漏洞

Source

https://github.com/lightsey/cve-2015-1592

Associated Vulnerability

Title:Six Apart Movable Type 代码注入漏洞 (CVE-2015-1592)
Description:Six Apart Movable Type（MT）是美国Six Apart公司的一套博客（blog）系统。Pro、Open Source和Advanced分别是该系统的专业版、开源版和高级版。 Six Apart MT中存在安全漏洞，该漏洞源于程序没有正确使用‘Perl Storable::thaw’函数。远程攻击者可利用该漏洞包含和执行任意本地的Perl文件，并执行任意代码。以下产品和版本受到影响：Six Apart MT Pro 5.2.12及之前版本和6.0.6及之前版本；Open Source

Description

Metasploit modules and payload generation files from my Houston Perl Mongers talk about this vulnerability.

File Snapshot


 [4.0K]  /data/pocs/db725e71f21523448083ffccc0e7f4da29c95e66
├── [1.1K]  LICENSE
├── [ 326]  README
├── [ 10K]  sixapart_movabletype_storable_exec.rb
├── [ 349]  storable-destructive.pl
├── [ 532]  storable-lfi.pl
├── [ 858]  storable-nondestructive.pl
└── [1.0K]  storable-test.pl

0 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!