Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-15227 PoC — Remote Code Execution vulnerability

Source
https://github.com/Langriklol/CVE-2020-15227
Associated Vulnerability
Title:Remote Code Execution vulnerability (CVE-2020-15227)
Description:Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
Description
CVE-2020-15227 exploit
Readme
CVE-2020-15227
==============

DISCLAIMER! I take no responsibility of using it in wild life environment so please do NOT do it. This thingy is just to demonstrate and for test things for sysadmins

I made this exploit according to publishing a CVE of David Grudl (The founder of Nette foundation)

As a security researcher I developed a little monster (for educational and demonstrational purposes of course and for ethical reasons I've made autofixer too)

The security vulnerability exploits callback parameter in nette.micro. We have no idea why the crap that exists (possible backdoor feature?)

Exploit is trying to get reverse shell from the victim server. The URL is hardcoded here so no stress about exploit edits.

PRs are welcomed!
File Snapshot

 [4.0K]  /data/pocs/8112939a4d34064b95acef167a66a7fa0cee1ae9
├── [1.1K]  autofixer-CVE-2020-15227.py
├── [2.2K]  exploit-CVE-2020-15227.py
└── [ 743]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →