Updated blind exploit readme
cfreal committed Sep 30, 2024
1 parent b3aaf62 commit bc95f82
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions blind-cnext-exploit.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python3
#
# Blind CNEXT: Blind PHP file read to RCE (CVE-2024-2961)
# Date: 2024-05-27
# Date: 2024-09-30
# Author: Charles FOL @cfreal_ (LEXFO/AMBIONICS)
#
# INFORMATIONS
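Review bot: Overwriting the `# Date:` line (2024-05-27 replaced by 2024-09-30) drops the original release date from the header, which is the one piece of provenance a user comparing copies of this script will look for. Suggest keeping both, e.g. `# Date: 2024-05-27 (updated 2024-09-30)`, or adding a separate `# Updated:` line, so the header records both when the exploit was published and when it was last revised.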
@@ -19,7 +19,7 @@
# - Handle non-PIE ELFs
# - Properly handle ELF endianness
# - Use the libc's Build ID to find system faster
# - Handle dumping addresses that contain newline characters
# - Verify that we properly dump addresses that contain newline characters
#
# DEBUGGING
#
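Review bot: The TODO item is reworded from "Handle dumping addresses that contain newline characters" to "Verify that we properly dump addresses that contain newline characters", which implies the handling now exists, but this commit touches only comment lines (11 additions, 2 deletions in this file), so the code change that implemented it is not visible here. Suggest either referencing the commit that added the handling or phrasing the item so the current status is unambiguous, e.g. "- Newline-containing addresses are now handled; add a test that verifies the dump", so readers of the TODO list know what is done and what remains open.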
@@ -33,6 +33,15 @@
#
# Unless I see both, issues will be automatically closed.
#
#
# TECHNICAL
#
# The exploit is a blind file read to RCE in PHP, using the iconv filter. Its behavior
# is documented in the following blog posts:
#
# https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
# https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
#

from __future__ import annotations

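Review bot: The new TECHNICAL section links part 1 and part 3 of the write-up (`...-p1` and `...-p3`) but skips part 2; if a part 2 exists it should be listed as well, and if it is intentionally omitted a short note saying why would avoid readers assuming the list is incomplete. Minor style point: the added `#` at the top of the block lands directly after the existing `#` closing the DEBUGGING section, producing two consecutive blank comment lines; dropping one keeps the header's section spacing consistent with the INFORMATIONS and DEBUGGING blocks above.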