CVE-2019-11447 PoC — 编号重复

Source

https://github.com/substing/CVE-2019-11447_reverse_shell_upload

Associated Vulnerability

Title:编号重复 (CVE-2019-11447)
Description:An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)

Readme

# CVE-2019-11447 CuteNews 2.1.2 Reverse Shell Upload

A slightly modified version of the [Mt-Code POC](https://github.com/mt-code/CVE-2019-11447) which spawns a full reverse shell rather than a web shell.

This exploit uses the famous [PentestMonkey PHP Reverse Shell](https://github.com/pentestmonkey/php-reverse-shell).

### Install

`pip install -r requirements.txt`

### Example use:

* Create a user on the application
* Run the following
`python exploit.py http://{target}/index.php {myuser} {mypassword}`
* Open a listener and navigate to the path listed by the exploit.

![](example.png)


Disclaimer: I do not take credit for the creation of either of these scripts. 


**Follow the law.**

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →