Skip to content

p33d/CVE-2024-9441

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

CVE-2024-9441

Description of the Vulnerability:

This code exploits a Remote Code Execution (RCE) vulnerability that occurs due to improper input sanitization in a PHP-based web application. The specific weakness is in the "forgot password" functionality (index.php?c=user&m=forgot_password), where user input is not properly sanitized, allowing attackers to inject arbitrary PHP code into the server.

This script exploits a vulnerability in a PHP-based application to upload a malicious PHP script to the server and execute system commands via HTTP requests. Steps to Use:

python exploit.py "/bin/ls -al /var/www/html"

If the exploit succeeds, you should see the directory contents in the terminal output.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages