支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: e899cb4fd0186ebb26e23b73c5437e6062077391

来源
https://github.com/hybridious/CVE-2018-4878
关联漏洞
标题:Adobe Flash Player 安全漏洞 (CVE-2018-4878)
Description:Adobe Flash Player是美国奥多比(Adobe)公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。 Adobe Flash Player中存在释放后重用漏洞。远程攻击者可利用该漏洞执行代码,控制系统。以下版本受到影响:基于Windows和Macintosh平台的Adobe Flash Player Desktop Runtime 28.0.0.137及之前的版本,基于Windows、Macintosh、Linux和Chrome OS平台的Ado
Description
Aggressor Script to just launch IE driveby for CVE-2018-4878
介绍
Author and Credits
==================
Author: Vincent Yiu (@vysecurity)

Credits:
   - @evi1cg: Helping me test and keep me motivated
   - @smgoreli: Original Calc.exe PoC

Disclaimer
==========
Developed to encourage more Aggressor script development. Use only in authorized penetration testing!

Description
===========

Aggressor Script to launch an Internet Explorer driveby attack using CVE-2018-4878 exploit for Shockwave Flash player versions before February 2017.

Usage:
======

Video Demonstration: <https://www.youtube.com/watch?v=JhUlOIEdq0s>

* Click Host > Host CVE-2018-4878 Payload > Host
* Send link to victim or embed as part of other pages or a redirect
* Victim hits link with IE and outdated flash, you get a shell back in IE sandbox.


CobaltStrike
============

* Load CVE-2018-4878.cna
文件快照

 [4.0K]  /data/pocs/e899cb4fd0186ebb26e23b73c5437e6062077391
├── [ 60K]  CVE-2018-4878.cna
└── [ 809]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。