Locked exploits Exploits CVE-2018-9206

cve-2018-9206

By dEEpEst
October 30, 2018 in Bugs & Exploits

Followers 0

Start new topic

Recommended Posts

dEEpEst

Posted October 30, 2018

- Share

Posted October 30, 2018

A quick POC for CVE-2018-9206.

This exploit will attempt to find one of the three common variations of the software and upload a simple PHP shell.

This is the hidden content, please

I've done some testing against the 1000 forks of the original code and it seems only 36 were not vulnerable. I found these only required a slight tweak to my exploit to get the majority of them working.

Results are in the file test_results.txt.

Special Thanks to Phackt, @phackt_ul. He refactored the exploit code and added the docker testing environment.

For testing purpose (will create an Apache/PHP docker container with vuln versions of the plugin):
./docker/install.sh

You can examine the docker container with:

root # docker run -it vuln bash


This is the hidden content, please


Sign In

or

Sign Up

Link to comment

Share on other sites

This topic is now closed to further replies.

Followers 0

Go to topic listing

Similar Content
- Scam Pages+Letters+Exploits+Tools Pack [Priv8]
  
  By Alexander007, April 14
  - letters
  - scampages
  - (and 2 more)
    
    Tagged with:
    
    letters
    
    scampages
    
    exploits
    
    tools pack
  - 0 replies
  - 85 views
- exploit AuthMeBridge Exploit
  
  By ~~tify~~ , May 15, 2023
  - minecraft
  - authmebridge exploit
  - (and 4 more)
    
    Tagged with:
    
    minecraft
    
    authmebridge exploit
    
    authmebridge
    
    minecraft exploits
    
    minecraft exploit
    
    exploits
  - 0 replies
  - 359 views
- SpoolSploit: collection of Windows print spooler exploits
  
  By itsMe, September 14, 2021
  - spoolsploit:
  - collection
  - (and 4 more)
    
    Tagged with:
    
    spoolsploit:
    
    collection
    
    windows
    
    print
    
    spooler
    
    exploits
  - 0 replies
  - 366 views
- Findsploit v2.0 - Find exploits in local and online databases instantly
  
  By itsMe, July 27, 2020
  - findsploit
  - v2.0
  - (and 7 more)
    
    Tagged with:
    
    findsploit
    
    v2.0
    
    find
    
    exploits
    
    local
    
    and
    
    online
    
    databases
    
    instantly
  - 0 replies
  - 648 views
- Verci Spy System RAT | Ransomware | NSA Exploits | UAC | Spread
  
  By dEEpEst, November 27, 2019
  - verci
  - spy
  - (and 7 more)
    
    Tagged with:
    
    verci
    
    spy
    
    system
    
    rat
    
    ransomware
    
    nsa
    
    exploits
    
    uac
    
    spread
  - 2 replies
  - 2,088 views

Sign In

Locked exploits Exploits CVE-2018-9206

Recommended Posts

dEEpEst

Link to comment

Share on other sites

Similar Content

Scam Pages+Letters+Exploits+Tools Pack [Priv8]

exploit AuthMeBridge Exploit

SpoolSploit: collection of Windows print spooler exploits

Findsploit v2.0 - Find exploits in local and online databases instantly

Verci Spy System RAT | Ransomware | NSA Exploits | UAC | Spread

Browse

Activity

Store

Important Information