Tuleap -lte 7.6.4 PHP Unserialize RCE

preview_player
Показать описание
I follow EgiX and he recently published another PHP Object Injection RCE finding for Tuelap less than or equal to version 7.6.4. I decided to turn it into a quick python exploiter script for fun....

Source: hxxps://pastee[dot]org/tgvuj
  1. Hood3dRob1n
  2. PHP Object Injection
  3. Tuleap
  4. tuleap rce
  5. tuleap exploit
  6. PHP Unserialize RCE
Рекомендации по теме
Tuleap -lte 7.6.4 0:02:01

Tuleap -lte 7.6.4 PHP Unserialize RCE

Remote PHP Shells 0:11:55

Remote PHP Shells via Unserialize() bugs

vBulletin 5.1.2 Unserialize 0:05:49

vBulletin 5.1.2 Unserialize Code Execution - Metasploit

Part 3 - 0:02:13

Part 3 - sugarcrm exploit metasploit

SQLMAP Web GUI 0:06:26

SQLMAP Web GUI - Demo #2

Комментарии
Автор

I like the PHP shell :P You should make it so all you need to do is enter the command and it inserts it in the system();

OpenWireSecurity
join shbcf.ru