CVE-2018-16763 PoC — FUEL CMS Injection Vulnerability

Source
Associated Vulnerability
Title: FUEL CMS Injection Vulnerability (CVE-2018-16763)
Description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
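
The description names two endpoint and parameter pairs, which gives defenders something concrete to look for in web server access logs. The following is an added example, not code from the original page or from the Fu3l F1lt3r project; the log lines are constructed, and the character heuristic and the names `inspect_line` and `scan` are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint fragment -> parameter, both taken from the CVE description.
# Matched as substrings so any install prefix is covered.
WATCHED = {"pages/select/": "filter", "preview/": "data"}
# Assumption: legitimate values are plain tokens, so quoting, call and
# statement characters in them deserve review.
SUSPICIOUS = re.compile(r"""['"`;$()<>\\]""")
# Request field of the common/combined log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect_line(line):
    """Return (endpoint, param, decoded value) for a suspicious line, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    for fragment, param in WATCHED.items():
        if fragment not in target.path:
            continue
        # parse_qsl decodes once; unquote again to catch double encoding.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == param and SUSPICIOUS.search(unquote(value)):
                return (fragment, param, value)
    return None

def scan(lines):
    """Collect hits. Request bodies are not recorded in standard access logs,
    so POSTed values need WAF or application-level logging instead."""
    return [hit for hit in map(inspect_line, lines) if hit]

# Constructed sample log lines (documentation IP range, harmless values).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /pages/select/?filter=%27%29%3B HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /pages/select/?filter=news HTTP/1.1" 200 734',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /pages/select/?filter=%2527 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /preview/?data=%24x%28%29 HTTP/1.1" 200 98',
    '203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?filter=%27 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for endpoint, param, value in scan(SAMPLE_LOG):
        print(f"review: {endpoint} {param}={value!r}")
```

A hit is a lead for review rather than proof of compromise; upgrading FUEL CMS past the affected 1.4.1 release remains the actual fix.
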
Description
Rust implementation of CVE-2018-16763 with some extra features.
Readme
```
________ ___  ___  ________  ___               ________  _____  ___   _________  ________  ________
|\  _____\\  \|\  \|\_____  \|\  \             |\  _____\/ __  \|\  \ |\___   ___\\_____  \|\   __  \
\ \  \__/\ \  \\\  \|____|\ /\ \  \            \ \  \__/|\/_|\  \ \  \\|___ \  \_\|____|\ /\ \  \|\  \
 \ \   __\\ \  \\\  \    \|\  \ \  \            \ \   __\|/ \ \  \ \  \    \ \  \      \|\  \ \   _  _\
  \ \  \_| \ \  \\\  \  __\_\  \ \  \____        \ \  \_|    \ \  \ \  \____\ \  \    __\_\  \ \  \\  \|
   \ \__\   \ \_______\|\_______\ \_______\       \ \__\      \ \__\ \_______\ \__\  |\_______\ \__\\ _\
    \|__|    \|_______|\|_______|\|_______|        \|__|       \|__|\|_______|\|__|  \|_______|\|__|\|__|
```

A Rust implementation of [CVE-2018-16763](https://nvd.nist.gov/vuln/detail/CVE-2018-16763) with some extra features.

### How to run
You'll need to either build it or grab a release version from [here](https://gitlab.com/pretzelca/fu3lf1lt3r/-/releases).

The command syntax is as follows:   
`fu3lf1lt3r <target> [file url]`   
If you supply a file URL, Fu3l F1lt3r will automatically download that file and execute it on the target; otherwise it will open a live shell.

### Building
Fu3l F1lt3r compiles with the latest stable Rust. Just run `cargo build` and it should compile.

### Previews

Live Shell:
[![Fu3l F1lt3r Live Shell](https://res.cloudinary.com/marcomontalbano/image/upload/v1592812937/video_to_markdown/images/youtube--ha7Co1092bc-c05b58ac6eb4c4700831b2b3070cd403.jpg)](https://youtu.be/ha7Co1092bc "Fu3l F1lt3r Live Shell")

Auto-Run:
[![Fu3l F1lt3r Auto-Run](https://res.cloudinary.com/marcomontalbano/image/upload/v1592813047/video_to_markdown/images/youtube--CaOYWn-fmcE-c05b58ac6eb4c4700831b2b3070cd403.jpg)](https://youtu.be/CaOYWn-fmcE "Fu3l F1lt3r Auto-Run")
File Snapshot

```
[4.0K] /data/pocs/030d8c4388f0194043493e2715fd3a4a78cc5a3b
├── [ 31K] Cargo.lock
├── [ 405] Cargo.toml
├── [4.0K] doc
│   └── [2.8K] README.html
├── [ 34K] LICENSE
├── [1.8K] README.md
└── [4.0K] src
    ├── [ 498] color_macro.rs
    ├── [1.4K] cool_text.rs
    └── [4.6K] main.rs

2 directories, 8 files
```