PoC details: 5825f6682a47a66f6b34a72fe34099403d00439b

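Source
Related vulnerability
Title: GNU C Library security vulnerability (CVE-2024-2961)
Description: GNU C Library (glibc, libc6) is a free, open-source C language compiler program released under the LGPL license. GNU C Library 2.39 and earlier versions contain a security vulnerability: the iconv() function may overflow a buffer, causing the application to crash or overwriting an adjacent variable.
Description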
This script demonstrates a proof-of-concept (PoC) for exploiting a file read vulnerability in the iconv library, as detailed in Ambionics Security's blog https://www.ambionics.io/blog/iconv-cve-2024-2961-p1.
Introduction
# CVE-2024-2961 Remote File Read

This script is designed to exploit a vulnerability in systems that use the `iconv` library with improper handling of character encoding conversions, as described in **CVE-2024-2961**. The vulnerability allows an attacker to read arbitrary files on the server by leveraging PHP filter chains and improper encoding conversions.

The script automates the process of uploading a malicious payload, downloading the resulting file, and displaying its contents. It is based on the research and techniques detailed in the article: [Iconv CVE-2024-2961: Exploiting Character Encoding Conversions](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1).

---

## **How It Works**

The script performs the following steps:

1. **Payload Creation**:
   - Generates a PHP filter chain payload that uses `iconv` encoding conversions to read arbitrary files on the server.
   - The payload is designed to bypass restrictions and read sensitive files such as `/etc/passwd`.

2. **File Upload**:
   - Sends a POST request to the target server's `admin-ajax.php` endpoint, simulating an image upload.
   - The payload is embedded in the request, tricking the server into processing it as a valid file.

3. **File Download**:
   - After the upload, the script downloads the resulting file, which contains the contents of the target file.
   - The script then extracts and displays the file contents.
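
The detection side of steps 1 and 2, as an added example that is not part of the original README or `lfi.py`: it inspects form-encoded request bodies for `php://filter` wrappers carrying `convert.iconv` stages, undoing nested URL-encoding first. The endpoint path, the `action` value, the `url` parameter name and the sample bodies are constructed assumptions, and the code assumes an `application/x-www-form-urlencoded` body.

```python
import re
from urllib.parse import parse_qsl, quote, unquote

WRAPPER = re.compile(r"php://filter[^\s&\"']*", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding, stopping once the value is stable."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(path, body):
    """Return one finding per form parameter that carries a php://filter wrapper."""
    findings = []
    for name, raw in parse_qsl(body, keep_blank_values=True):  # decodes one layer
        match = WRAPPER.search(fully_decode(raw))
        if not match:
            continue
        chain = match.group(0)
        resource = re.search(r"resource=(.+)$", chain, re.IGNORECASE)
        findings.append({
            "endpoint": path,
            "param": name,
            # Each convert.iconv stage is one charset conversion run by the server.
            "iconv_stages": len(re.findall(r"convert\.iconv\.", chain, re.IGNORECASE)),
            "resource": resource.group(1) if resource else None,
        })
    return findings

# Constructed sample data: the endpoint path, action value and "url" parameter
# are assumptions for illustration, not values taken from lfi.py.
CHAIN = "php://filter/convert.iconv.UTF8.UTF16|convert.iconv.UTF16.UTF8/resource=/etc/passwd"
ENDPOINT = "/wp-admin/admin-ajax.php"
SAMPLES = [
    (ENDPOINT, "action=example_upload&id=1&url=" + quote(CHAIN, safe="")),
    (ENDPOINT, "action=example_upload&id=2&url=" + quote(quote(CHAIN, safe=""), safe="")),
    (ENDPOINT, "action=example_upload&id=3&url=https%3A%2F%2Fexample.com%2Flogo.png"),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        for finding in inspect_request(path, body):
            print("ALERT", finding)
```

Multipart upload bodies need to be split into their parts before the same check is applied to each field value.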

---

## **Prerequisites**

- Python 3.x
- `requests` library (`pip install requests`)
- A server that is vulnerable to CVE-2024-2961 (e.g., a server using a vulnerable version of `iconv` and PHP).

---

## **Usage**

1. Clone the repository or download the script:
   ```bash
   git clone https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read.git
   cd CVE-2024-2961-Remote-File-Read
   ```

2. Run the script:
   ```bash
   python3 lfi.py
   ```

3. Follow the prompts:
   - Enter the path of the file you want to read (e.g., `/etc/passwd`).
   - Enter a numeric ID for the upload (e.g., `1`).

4. The script will:
   - Upload the payload to the server.
   - Download the resulting file.
   - Display the contents of the target file.

---

## **Example**

```plaintext
Remote File Read Exploitation - CVE-2024-2961
Enter the path of the file you want to read (e.g., /etc/passwd): /etc/passwd
Enter a numeric ID for the upload (e.g., 1): 1
File uploaded successfully: http://blog.bigbang.htb/wp-content/uploads/2025/01/1-50.png
File content:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...
```

---

## **Disclaimer**

This script is intended for **educational and authorized testing purposes only**. Do not use it on systems without explicit permission. The authors are not responsible for any misuse or damage caused by this tool.

---

## **Credits**

- Based on the research and techniques described in the article: [Iconv CVE-2024-2961: Exploiting Character Encoding Conversions](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1).
- Developed as a proof-of-concept to demonstrate the vulnerability.

---

### **References**

- [CVE-2024-2961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961)
- [Ambionics Blog: Iconv CVE-2024-2961](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1)

---
File snapshot

[4.0K] /data/pocs/5825f6682a47a66f6b34a72fe34099403d00439b
├── [5.5K] lfi.py
└── [3.2K] README.md

0 directories, 2 files