Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2012-1823 PoC — PHP ‘php-cgi’ 参数信息泄漏漏洞

Source
https://github.com/JasonHobs/CVE-2012-1823-exploit-for-https-user-password-web
Associated Vulnerability
Title:PHP ‘php-cgi’ 参数信息泄漏漏洞 (CVE-2012-1823)
Description:sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Description
CVE-2012-1823 exploit for https user password website.
Readme
CVE-2012-1823 file is exploit 

use : python3 CVE-2012-1823.py

CVE-2012-1823,CVE-2021-2291.py file find out if the site is vulnurable for CVE-2012-1823 or CVE-2021-2291

use : python3 CVE-2012-1823,CVE-2021-2291.py 

tested on kali linux
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →