Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-19422 PoC — Subrion CMS 安全漏洞

Source
https://github.com/Swammers8/SubrionCMS-4.2.1-File-upload-RCE-auth-
Associated Vulnerability
Title:Subrion CMS 安全漏洞 (CVE-2018-19422)
Description:/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
Description
This is an edited version of the CVE-2018-19422 exploit to fix an small but annoying issue I had.
Readme
# SubrionCMS-4.2.1-File-upload-RCE-auth-
This is an edited version of the CVE-2018-19422 exploit to fix an small but annoying issue I had.

I had to use this exploit in a CTF but I could not get it to properly exploit, just kept failing to login. After an unholy amount of time I finally figured out why. It was an issue with the url argument. When I specified a url, the program automatically assumed that I would end it with a / which I didn’t do.
What I was doing:
http://example.com
What I was suppose to do:
http://example.com/

What annoyed me even further was that even in the help menu the example is:
http://target-url/panel
Doesn’t end in a backslash but the program won’t work if you specify the url like this.
So I made a quick edit that checks the last character of the url arg to make sure that it ends with a slash.
File Snapshot

 [4.0K]  /data/pocs/821dc0bde9626f9f3120efed8d7cf8af92375308
├── [5.9K]  exploit.py
└── [ 837]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →