Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2012-1823 PoC — PHP ‘php-cgi’ 参数信息泄漏漏洞

Source
https://github.com/Dmitri131313/CVE-2012-1823-exploit-for-https-user-password-web
Associated Vulnerability
Title:PHP ‘php-cgi’ 参数信息泄漏漏洞 (CVE-2012-1823)
Description:sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Description
CVE-2012-1823 exploit for https user password website.
Readme
CVE-2012-1823 file is exploit 

use : python3 CVE-2012-1823.py

CVE-2012-1823,CVE-2021-2291.py file find out if the site is vulnurable for CVE-2012-1823 or CVE-2021-2291

use : python3 CVE-2012-1823,CVE-2021-2291.py 

command whoami cd ls 

tested on kali linux
File Snapshot

 [4.0K]  /data/pocs/7d379fa00e37a4a814b7888fcc3c83059a393a0b
├── [2.5K]  CVE-2012-1823,CVE-2021-2291.py
├── [1.9K]  CVE-2012-1823.py
└── [ 263]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →