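Associated vulnerability
Title:
GNU C Library security vulnerability
(CVE-2024-2961)
Description: GNU C Library (glibc, libc6) is a free, open-source C language compiler released under the LGPL license. GNU C Library 2.39 and earlier versions contain a security vulnerability: the iconv() function may overflow a buffer, causing the application to crash or overwrite adjacent variables.
Description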
This script demonstrates a proof-of-concept (PoC) for exploiting a file read vulnerability in the iconv library, as detailed in Ambionics Security's blog https://www.ambionics.io/blog/iconv-cve-2024-2961-p1.
Introduction
# CVE-2024-2961 Remote File Read
This script is designed to exploit a vulnerability in systems that use the `iconv` library with improper handling of character encoding conversions, as described in **CVE-2024-2961**. The vulnerability allows an attacker to read arbitrary files on the server by leveraging PHP filter chains and improper encoding conversions.
The script automates the process of uploading a malicious payload, downloading the resulting file, and displaying its contents. It is based on the research and techniques detailed in the article: [Iconv CVE-2024-2961: Exploiting Character Encoding Conversions](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1).
---
## **How It Works**
The script performs the following steps:
1. **Payload Creation**:
   - Generates a PHP filter chain payload that uses `iconv` encoding conversions to read arbitrary files on the server.
   - The payload is designed to bypass restrictions and read files like `/etc/passwd` or other sensitive files.
2. **File Upload**:
   - Sends a POST request to the target server's `admin-ajax.php` endpoint, simulating an image upload.
   - The payload is embedded in the request, tricking the server into processing it as a valid file.
3. **File Download**:
   - After the upload, the script downloads the resulting file, which contains the contents of the target file.
   - The script then extracts and displays the file contents.
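
A defender-side check for the request pattern in the steps above, as an added example that is not part of the original repository: it percent-decodes request data and flags any `php://filter` wrapper, raising severity when `convert.iconv` stages are chained. The sample requests, the parameter names (`action`, `src`, `page`), the decode-round limit and the severity labels are assumptions made for illustration.

```python
import re
from typing import Optional
from urllib.parse import unquote_plus

WRAPPER = re.compile(r"php://filter", re.I)
ICONV_STAGE = re.compile(r"convert\.iconv\.[\w\-]+", re.I)
RESOURCE = re.compile(r"resource=([^\s&|\"']+)", re.I)
MAX_DECODE_ROUNDS = 3  # assumption: enough to undo double/triple percent-encoding

# Constructed sample requests (method, path, body); parameter names are hypothetical.
SAMPLE_REQUESTS = [
    ("POST", "/wp-admin/admin-ajax.php",
     "action=upload&id=1&src=https%3A%2F%2Fexample.org%2Fcat.png"),
    ("POST", "/wp-admin/admin-ajax.php",
     "action=upload&id=1&src=php%3A%2F%2Ffilter%2Fconvert.iconv.UTF-8.UTF-16"
     "%7Cconvert.iconv.UTF-16.UTF-8%2Fresource%3D%2Fetc%2Fpasswd"),
    ("GET", "/index.php?page=PHP%253A%252F%252Ffilter%252Fresource%253Dconfig.php", ""),
]

def normalize(value: str) -> str:
    """Percent-decode until stable so an encoded wrapper becomes visible."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(method: str, path: str, body: str) -> Optional[dict]:
    """Return a finding if the request carries a php://filter wrapper, else None."""
    text = normalize(f"{path} {body}")
    if not WRAPPER.search(text):
        return None
    stages = ICONV_STAGE.findall(text)
    target = RESOURCE.search(text)
    return {
        "method": method,
        "path": path.split("?")[0],
        "iconv_stages": len(stages),
        "resource": target.group(1) if target else None,
        # A stream wrapper in user input is already suspicious; iconv stages
        # match the filter-chain technique this page describes.
        "severity": "high" if stages else "medium",
    }

def scan(requests):
    """Inspect every request and keep only the ones that produced a finding."""
    return [f for f in (inspect_request(*r) for r in requests) if f]
```

Feed it request records from a WAF or audit log that captures POST bodies, since plain access logs do not contain them.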
---
## **Prerequisites**
- Python 3.x
- `requests` library (`pip install requests`)
- A server that is susceptible to CVE-2024-2961 (e.g., a server using a vulnerable version of `iconv` and PHP).
---
## **Usage**
1. Clone the repository or download the script:
   ```bash
   git clone https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read.git
   cd CVE-2024-2961-Remote-File-Read
   ```
2. Run the script:
   ```bash
   python3 lfi.py
   ```
3. Follow the prompts:
   - Enter the path of the file you want to read (e.g., `/etc/passwd`).
   - Enter a numeric ID for the upload (e.g., `1`).
4. The script will:
   - Upload the payload to the server.
   - Download the resulting file.
   - Display the contents of the target file.
---
## **Example**
```plaintext
Remote File Read Exploitation - CVE-2024-2961
Enter the path of the file you want to read (e.g., /etc/passwd): /etc/passwd
Enter a numeric ID for the upload (e.g., 1): 1
File uploaded successfully: http://blog.bigbang.htb/wp-content/uploads/2025/01/1-50.png
File content:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...
```
---
## **Disclaimer**
This script is intended for **educational and authorized testing purposes only**. Do not use it on systems without explicit permission. The authors are not responsible for any misuse or damage caused by this tool.
---
## **Credits**
- Based on the research and techniques described in the article: [Iconv CVE-2024-2961: Exploiting Character Encoding Conversions](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1).
- Developed as a proof-of-concept to demonstrate the vulnerability.
---
## **References**
- [CVE-2024-2961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961)
- [Ambionics Blog: Iconv CVE-2024-2961](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1)
---
File snapshot
[4.0K] /data/pocs/5825f6682a47a66f6b34a72fe34099403d00439b
├── [5.5K] lfi.py
└── [3.2K] README.md
0 directories, 2 files