PHP-FPM Exploit Example

Description:

  • This repository contains a PowerPoint presentation illustrating two different methods for exploiting the PHP-FPM vulnerability (CVE-2019-11043), along with the files needed to do so.

Installation Instructions (also written in the PowerPoint):

  1. Install Docker (https://www.docker.com/products/docker-desktop) for your operating system.
  2. Clone this repository.
  3. Navigate to the "reproducer" folder.
  4. Run the following commands:
    • docker build -t reproduce-cve-2019-11043 .
    • docker run --rm -ti -p 8080:80 reproduce-cve-2019-11043

With the above complete, you should have a container running an nginx server. You can check whether it is running with:

  • docker ps
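
The `-p 8080:80` mapping in step 4 publishes the container's port on every host interface, while `-p 127.0.0.1:8080:80` limits it to loopback. The script below is an added example, not part of this repository: it reads `docker ps` output and reports any binding of the lab image that other machines can reach. The function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from this repository). Input: lines of "<image>\t<ports>"
# as printed by docker ps with the format string used at the bottom.
IMAGE="reproduce-cve-2019-11043"   # image tag from the build step

# Print every published binding of $IMAGE that is not loopback-only.
exposed_bindings() {
    awk -F '\t' -v image="$IMAGE" '
        $1 == image {
            n = split($2, bindings, ", ")
            for (i = 1; i <= n; i++) {
                b = bindings[i]
                if (b !~ /->/) continue                  # exposed, not published
                if (b ~ /^127\./) continue               # IPv4 loopback
                if (b ~ /^(\[::1\]|::1):/) continue      # IPv6 loopback, either spelling
                print b
            }
        }'
}

# Return 0 when the lab is reachable only from this host, 1 otherwise.
check_lab() {
    found=$(exposed_bindings)
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/reachable off-host: /' >&2
        return 1
    fi
    return 0
}

# Constructed sample: what docker ps reports after "-p 8080:80".
sample_default_run() {
    printf '%s\t%s\n' "$IMAGE" '0.0.0.0:8080->80/tcp, :::8080->80/tcp'
}

# Live check against the local Docker daemon: sh check_lab.sh --live
if [ "${1:-}" = "--live" ]; then
    docker ps --format "$(printf '{{.Image}}\t{{.Ports}}')" | check_lab
fi
```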

Do the exploit

Follow the instructions and images in the provided PowerPoint to exploit the vulnerability.

Bonus round

I added a build of my senior seminar project to the container. Once you've completed the above exploit, you will notice in the file system that there are additional files being served. A build of my senior seminar project, Meeting Manager, is installed and running on the nginx server. Meeting Manager as it is currently configured is wildly insecure (intentionally). With a little bit of time in the web browser, you should be able to access the database and obtain user information with little to no effort. I am not going to include instructions for doing so, as I want to leave something up in the air with this and for you to have a little fun (if you can call messing around with my project fun).

Credits and Acknowledgements

https://twitter.com/d90pwn Original discoverer of anomaly.

https://github.com/neex/phuip-fpizdam Emil Lerner, root clause creator, php.ini configuration, and initial docker container.