Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Ladon POC Moudle CVE-2019-11043 (PHP-FPM + Ngnix)

漏洞简介

PHP-FPM 远程代码执行漏洞(CVE-2019-11043)

在长亭科技举办的 Real World CTF 中,国外安全研究员 Andrew Danau 在解决一道 CTF 题目时发现,向目标服务器 URL 发送 %0a 符号时,服务返回异常,疑似存在漏洞。

在使用一些有错误的Nginx配置的情况下,通过恶意构造的数据包,即可让PHP-FPM执行任意代码。

Example

和Ladon.exe放在同一目录,即可对C段或url.txt进行批量检测

Ladon CVE-2019-11043_Poc.ini 批量URL检测(根目录下放url.txt)
Ladon 192.168.1.37/24 CVE-2019-11043_Poc.ini 批量检测C段主机是否存在该漏洞
Ladon http://192.168.1.37:8080/index.php CVE-2019-11043_Poc.ini 指定URL
Ladon 5.5
By K8gege
Call AnyExe/Command
http://192.168.1.37:8080/index.php
load F:\Python279\python.exe
ISVUL: CVE-2019-11043 http://192.168.1.37:8080/index.php

下载

Ladon: https://github.com/k8gege/Ladon

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
CVE-2019-11043-POC.PNG		CVE-2019-11043-POC.PNG
CVE-2019-11043-POC.py		CVE-2019-11043-POC.py
CVE-2019-11043_POC.ini		CVE-2019-11043_POC.ini
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Ladon POC Moudle CVE-2019-11043 (PHP-FPM + Ngnix)

漏洞简介

Example

下载

About

Releases

Packages

Languages

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

License

k8gege/CVE-2019-11043

Folders and files

Latest commit

History

Repository files navigation

Ladon POC Moudle CVE-2019-11043 (PHP-FPM + Ngnix)

漏洞简介

Example

下载

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Packages