A quick POC for CVE-2018-9206. This exploit will attempt to find one of the three common variations of the software and upload a simple PHP shell.

I've done some testing against the 1000 forks of the original code and it seems only 36 were not vulnerable. I found these only required a slight tweak to my exploit to get the majority of them working. Results are in the file test_results.txt.

Special thanks to Phackt, @phackt_ul. He refactored the exploit code and added the docker testing environment.

For testing purposes (will create an Apache/PHP docker container with vuln versions of the plugin):

    ./docker/install.sh

You can examine the docker container with:

    root # docker run -it vuln bash