POC详情: 69aa3f4326a606841a358bbc7115e5bf5b03e196

来源
https://github.com/h4ckologic/CVE-2019-17221
关联漏洞
标题: PhantomJS 安全漏洞 (CVE-2019-17221)
描述:PhantomJS是一款用于自动化网页交互的无头浏览器。 PhantomJS 2.1.1及之前版本中的网页模块的‘page.open()’函数存在安全漏洞。攻击者可借助特制的HTML文件利用该漏洞读取文件系统上任意文件。
描述
PhantomJS uses internal module: webpage, to open, close, render, and perform multiple actions on webpages, which suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When opening a HTML file, an attacker can supply specially crafted file content, which allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as the function callback, resulting in the generation of a PDF or an image of the targeted file.
文件快照

 [4.0K]  /data/pocs/69aa3f4326a606841a358bbc7115e5bf5b03e196
└── [633K]  PhantonJS_Arbitrary_File_Read.pdf

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。