CVE-2018-1207 PoC — Dell EMC iDRAC7和iDRAC8 代码注入漏洞

Source

https://github.com/un4gi/CVE-2018-1207

Associated Vulnerability

Title:Dell EMC iDRAC7和iDRAC8 代码注入漏洞 (CVE-2018-1207)
Description:Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.

Description

A proof of concept for CVE-2018-1207.

Readme

# CVE-2018-1207
A proof of concept for CVE-2018-1207.

## Requirements

In order to run, you will need to install the sh4-linux-gnu-gcc-9 package.

For Ubuntu 20.04:
```bash
apt install build-essential
wget http://security.ubuntu.com/ubuntu/pool/universe/g/gcc-9-cross-ports/gcc-9-sh4-linux-gnu_9.4.0-1ubuntu1~20.04cross1_amd64.deb
dpkg -i gcc-9-sh4-linux-gnu_9.4.0-1ubuntu1-20.04cross1_amd64.deb
```

## Install

```bash
git clone https://github.com/un4gi/CVE-2018-1207.git
cd CVE-2018-1207
go build .
```


## Usage

```bash
./CVE-2018-1207 -t <target> -p <port>
```

## References

https://www.youtube.com/watch?v=mosERjbrgdo  
https://www.immunityinc.com/downloads/The-Unbearable-Lightness-of-BMC-wp.pdf  
https://i.blackhat.com/us-18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf

File Snapshot


 [4.0K]  /data/pocs/3093df4576e67a67eeea1d853942f438d0b7b1ad
├── [4.0K]  bin
├── [  47]  go.mod
├── [1.0K]  LICENSE
├── [6.5K]  main.go
└── [ 810]  README.md

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!