CVE-2019-18818 PoC — strapi authorization issue vulnerability

Source
Associated Vulnerability
Title: strapi authorization issue vulnerability (CVE-2019-18818)
Description: strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
Description
This repository contains a Python script to exploit two vulnerabilities: CVE-2019-18818 and CVE-2019-19609.
Readme
# Exploits for CVE-2019-18818 and CVE-2019-19609

This repository contains a Python script to exploit two vulnerabilities: CVE-2019-18818 and CVE-2019-19609.

## CVE-2019-18818

This vulnerability allows an attacker to reset the password of an admin user in the Strapi CMS.

### Usage

1. Modify the `target` and `strapi_port` variables in the script to match the target Strapi instance.
2. Run the script to reset the admin password.

## CVE-2019-19609

This vulnerability allows an attacker to execute arbitrary commands on the server running Strapi CMS.

### Usage

1. Modify the `local_ip` and `local_port` variables in the script to match your local machine's IP and desired port for the reverse shell.
2. Ensure you have a netcat listener running on the specified port: `nc -lvnp <local_port>`.
3. Run the script to send the remote shell payload.

## Disclaimer

This script is intended for educational purposes only. Use it at your own risk. The author is not responsible for any damage caused by this script.

## Requirements

- Python 3
- `requests` library
- `pwntools` library

### Installation

```bash
pip install requests pwntools
```