CVE-2016-4971 PoC — GNU Wget Security Vulnerability

Source
Associated Vulnerability
Title: GNU Wget Security Vulnerability (CVE-2016-4971)
Description: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
Description
CVE-2016-4971 written in nodejs
Readme
# CVE-2016-4971
On a server redirect from HTTP to an FTP resource, wget trusts the HTTP server and uses the name in the redirected URL as the destination filename.

See the [post](https://blog.0xbbc.com/2016/06/wget%E6%BC%8F%E6%B4%9Ecve-2016-4971/) on my blog for some detail.
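
The filename decision described above, modelled next to the 1.18 behaviour (local name taken from the requested URL unless `--trust-server-names` is given). This is an added example, not code from this repository's `wget.js` or from wget itself; the function names and the `.test` URLs are hypothetical.

```javascript
// Added example: a model of how a downloader picks the local filename after a
// redirect. Function names are hypothetical; this is not wget's source code.

// Last path segment of a URL; "index.html" when the path ends in "/".
function urlBasename(u) {
  const last = new URL(u).pathname.split('/').pop();
  return decodeURIComponent(last).split('/').pop() || 'index.html';
}

// Behaviour described above (before 1.18): on an HTTP -> FTP redirect the
// saved name is taken from the redirect target chosen by the server.
function localNameBefore118(requested, redirectedTo) {
  const fromHttp = /^https?:$/.test(new URL(requested).protocol);
  const toFtp = new URL(redirectedTo).protocol === 'ftp:';
  return fromHttp && toFtp ? urlBasename(redirectedTo) : urlBasename(requested);
}

// Behaviour from 1.18 on: the name comes from the URL the user asked for,
// unless the user opts in with --trust-server-names.
function localNameFrom118(requested, redirectedTo, trustServerNames = false) {
  return urlBasename(trustServerNames ? redirectedTo : requested);
}

// Defender-side check for a proxy or log pipeline: report redirects that
// switch scheme and would change the name written to disk.
function auditRedirect(requested, redirectedTo) {
  return {
    crossScheme: new URL(requested).protocol !== new URL(redirectedTo).protocol,
    nameChanged: urlBasename(requested) !== urlBasename(redirectedTo),
  };
}

// Constructed sample URLs (reserved .test hosts), not taken from the PoC.
const requested = 'http://files.example.test/downloads/report.pdf';
const redirectedTo = 'ftp://ftp.example.test/pub/other-name.txt';

console.log(localNameBefore118(requested, redirectedTo));
console.log(localNameFrom118(requested, redirectedTo));
console.log(auditRedirect(requested, redirectedTo));
```

A redirect for which `auditRedirect` reports both `crossScheme` and `nameChanged` is the pattern to alert on when clients older than 1.18 are still deployed.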

### Usage
On your server:

```
node wget.js
```

On your test computer:

```
wget http://url.to.your/server
```

### Screenshots
![screenshot 1](https://raw.githubusercontent.com/BlueCocoa/CVE-2016-4971/master/screenshot-1.jpg)

![screenshot 2](https://raw.githubusercontent.com/BlueCocoa/CVE-2016-4971/master/screenshot-2.jpg)
File Snapshot

```
[4.0K] /data/pocs/67326f0bf1a8054921cf76ee434d76bd8cfad17b
├── [ 606] README.md
├── [321K] screenshot-1.jpg
├── [688K] screenshot-2.jpg
└── [5.5K] wget.js

0 directories, 4 files
```