PHP8: php-curl-RCE-Privilage-Escalation

2023.12.04
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

## Title: PHP8: php-curl-RCE-Privilage-Escalation ## Author: nu11secur1ty ## Date: 12/04/2023 ## Vendor: https://www.php.net/manual/en/function.curl-close ## Software: https://www.php.net/manual/en/book.curl.php ## Reference: https://portswigger.net/web-security/access-control ## Description: A successful attack can be possible when the attacker is hacking the Windows web server, like XAMPP, IIS, or just some LAMP service. The attacker must find a weak sanitizing function to upload the malicious PHP exploit and exploit this vulnerability. STATUS: MEDIUM-HIGH Vulnerability [+]Exploit execution: ```curl curl -s https://victim.com/your_exploit.php | php ``` [+] Exploit: ```PHP <?PHP //The exploit has a price ?> ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/PHP8-Curl) ## Proof and Exploit: [href](https://www.nu11secur1ty.com/2023/12/php8-php-curl-rce-privilage-escalation.html) ## Time spent: 03:17:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top