CVE-2019-11043 PoC — Underflow in PHP-FPM can lead to RCE

Source
Associated Vulnerability
Title: Underflow in PHP-FPM can lead to RCE (CVE-2019-11043)
Description: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Description
Ladon POC Module CVE-2019-11043 (PHP-FPM + Nginx)
Readme
## Ladon POC Module CVE-2019-11043 (PHP-FPM + Nginx)

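### Vulnerability Overview
PHP-FPM remote code execution vulnerability (CVE-2019-11043)

During Real World CTF, hosted by Chaitin Tech, overseas security researcher Andrew Danau noticed while solving a CTF challenge that sending the %0a character in a URL to the target server made the service return an abnormal response, which suggested a vulnerability.

With certain misconfigured Nginx setups, a maliciously crafted request can make PHP-FPM execute arbitrary code.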
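
A defender-side audit of the two conditions above (affected PHP version, risky Nginx configuration), added here as an example; it is not part of the original README or of the Ladon project. It assumes the commonly documented precondition, which this page does not spell out: a `location` that uses `fastcgi_split_path_info`, passes `PATH_INFO` to FPM, and has no `try_files` or `-f` existence check. Function names and the sample configs are constructed for illustration.

```python
import re
# First fixed patch release per affected branch, from the advisory text above.
# Branches the advisory does not list are reported as not affected.
FIXED_PATCH = {(7, 1): 33, (7, 2): 24, (7, 3): 11}

def php_version_affected(version):
    """True if `version` is on a listed branch and below its fixed release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable PHP version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED_PATCH.get((major, minor))
    return fixed is not None and patch < fixed

def location_blocks(conf):
    """Yield (header, body) for each location block, matching braces by depth."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (simplification)
    for m in re.finditer(r"\blocation\s+([^{;]+)\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).strip(), conf[m.end():i - 1]

def risky_locations(conf):
    """Locations that split PATH_INFO and pass to FPM with no file check."""
    risky = []
    for header, body in location_blocks(conf):
        splits = "fastcgi_split_path_info" in body
        path_info = re.search(r"fastcgi_param\s+PATH_INFO\b", body)
        passes = "fastcgi_pass" in body
        # Assumed guards: try_files, or an `if (-f ...)` / `if (!-f ...)` test.
        guarded = re.search(r"\btry_files\s|\bif\s*\(\s*!?-f\s", body)
        if splits and path_info and passes and not guarded:
            risky.append(header)
    return risky

# Constructed sample configs (not taken from the page).
WEAK_CONF = r"""
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass php:9000;
}
"""
HARDENED_CONF = WEAK_CONF.replace(
    "fastcgi_pass", "try_files $fastcgi_script_name =404;\n    fastcgi_pass")

if __name__ == "__main__":
    print(risky_locations(WEAK_CONF), risky_locations(HARDENED_CONF))
```

The scan is a text heuristic: an outer `location` that contains a nested one is judged on the combined body, so treat each finding as a prompt to read that block.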

### Example
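Place the files in the same directory as Ladon.exe to batch-check a /24 (C-class) range or the URLs in url.txt.
``` bash
# Batch URL check (place url.txt in the root directory)
Ladon CVE-2019-11043_Poc.ini
# Batch-check the hosts of a /24 (C-class) range for this vulnerability
Ladon 192.168.1.37/24 CVE-2019-11043_Poc.ini
# Check a specified URL
Ladon http://192.168.1.37:8080/index.php CVE-2019-11043_Poc.ini
# Output: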
Ladon 5.5
By K8gege
Call AnyExe/Command
http://192.168.1.37:8080/index.php
load F:\Python279\python.exe
ISVUL: CVE-2019-11043 http://192.168.1.37:8080/index.php

```

<img src=https://github.com/k8gege/CVE-2019-11043/blob/master/CVE-2019-11043-POC.PNG></img>
### Download
Ladon: https://github.com/k8gege/Ladon
File Snapshot

[4.0K] /data/pocs/02bb320a9f6be04eb591302a4f5ef21bd71e5d22
├── [  68] CVE-2019-11043_POC.ini
├── [ 24K] CVE-2019-11043-POC.PNG
├── [1.2K] CVE-2019-11043-POC.py
├── [1.0K] LICENSE
└── [1.1K] README.md

0 directories, 5 files