CVE-2019-12725 PoC — Zeroshell OS Command Injection Vulnerability

Source
Associated Vulnerability
Title: Zeroshell OS Command Injection Vulnerability (CVE-2019-12725)
Description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
Description
ZeroShell 3.9.0 Remote Command Injection
Readme
# POC CVE-2019-12725-Remote-Command-Execution

ZeroShell 3.9.0 Remote Command Injection

- Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. 

### Exploit Usage

#### Commands:

`$ sudo python ZeroShell_RCE.py -u <Base_Host>`

![](https://github.com/hevox/CVE-2019-12725-Command-Injection/blob/main/imgs/ZeroShell.png)

- References:
  
  https://www.exploit-db.com/exploits/49862
  
  https://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12725
File Snapshot

[4.0K] /data/pocs/8024cdd00043b3a8eed53b82e9cbcd44feb8f0c9
├── [4.0K] imgs
│   └── [ 56K] ZeroShell.png
├── [ 767] README.md
└── [2.3K] ZeroShell_RCE.py

1 directory, 3 files