Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2018-19246 PoC — PHP-Proxy 安全漏洞

Source
https://github.com/NeoWans/CVE-2018-19246
Associated Vulnerability
Title:PHP-Proxy 安全漏洞 (CVE-2018-19246)
Description:PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
Readme
# CVE-2018-19246

## Proof of Concept

**Usage**

```shell
docker build -t lucas/cve-2018-19246:0.1.0 .
docker run --rm -it -p 80:80 lucas/cve-2018-19246:0.1.0
python2 Pocsuite-2.0.8/pocsuite.py -u 172.17.0.1 -r PoC.py
```
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →