This script demonstrates a proof-of-concept (PoC) for exploiting a file read vulnerability in the iconv library, as detailed in Ambionics Security's blog https://www.ambionics.io/blog/iconv-cve-2024-2961-p1.

allsmog/CVE-2024-2961-Remote-File-Read

CVE-2024-2961 Remote File Read

This script is designed to exploit a vulnerability in systems that use the iconv library with improper handling of character encoding conversions, as described in CVE-2024-2961. The vulnerability allows an attacker to read arbitrary files on the server by leveraging PHP filter chains and improper encoding conversions.

The script automates the process of uploading a malicious payload, downloading the resulting file, and displaying its contents. It is based on the research and techniques detailed in the article: Iconv CVE-2024-2961: Exploiting Character Encoding Conversions.


How It Works

The script performs the following steps:

  1. Payload Creation:

    • Generates a PHP filter chain payload that uses iconv encoding conversions to read arbitrary files on the server.
    • The payload is designed to bypass restrictions and read files like /etc/passwd or other sensitive files.
  2. File Upload:

    • Sends a POST request to the target server's admin-ajax.php endpoint, simulating an image upload.
    • The payload is embedded in the request, tricking the server into processing it as a valid file.
  3. File Download:

    • After the upload, the script downloads the resulting file, which contains the contents of the target file.
    • The script then extracts and displays the file contents.
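
Seen from the server side, steps 1 and 2 leave a recognisable trace: a php://filter wrapper carrying convert.iconv stages inside a request. The detector below is an added example, not part of this repository; the log format, the parameter name "field", and the two-stage threshold are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# A php://filter wrapper URL, read up to whitespace or a quote.
WRAPPER = re.compile(r"php://filter[^\s\"']*", re.IGNORECASE)
# One iconv stage: convert.iconv.<from>.<to> or convert.iconv.<from>/<to>
ICONV_STAGE = re.compile(r"convert\.iconv\.[\w:-]+[./][\w:-]+", re.IGNORECASE)
RESOURCE = re.compile(r"resource=([^\s\"'&|]+)", re.IGNORECASE)
CHAIN_THRESHOLD = 2  # assumption: two or more iconv stages counts as a chain

# Constructed log lines (invented format, hypothetical parameter name "field").
SAMPLE_LOG = [
    '203.0.113.7 POST /wp-admin/admin-ajax.php body="field=php%3A%2F%2Ffilter%2F'
    'convert.iconv.UTF8.UTF16%7Cconvert.iconv.UTF16.UTF8%7Cconvert.base64-encode'
    '%2Fresource%3D%2Fetc%2Fpasswd"',
    '198.51.100.4 POST /wp-admin/admin-ajax.php body="action=heartbeat&interval=60"',
    '198.51.100.9 GET /index.php?page=php://filter/convert.base64-encode/resource=index.php',
]

def fully_decode(text, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (handles double encoding)."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def inspect_request(line):
    """Return a finding dict if the line carries a php://filter URL, else None."""
    match = WRAPPER.search(fully_decode(line))
    if not match:
        return None
    chain = match.group(0)
    stages = len(ICONV_STAGE.findall(chain))
    target = RESOURCE.search(chain)
    return {
        "iconv_stages": stages,
        "resource": target.group(1) if target else None,
        "severity": "high" if stages >= CHAIN_THRESHOLD else "medium",
    }

def scan(lines):
    """Return findings for all lines, tagged with 1-based line numbers."""
    checked = ((n, inspect_request(l)) for n, l in enumerate(lines, 1))
    return [{"line": n, **f} for n, f in checked if f]
```

Calling scan(SAMPLE_LOG) flags the first and third lines; the resource field shows which server-side file the request tried to reach.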

Prerequisites

  • Python 3.x
  • requests library (pip install requests)
  • A vulnerable server that is susceptible to CVE-2024-2961 (e.g., a server using a vulnerable version of iconv and PHP).

Usage

  1. Clone the repository or download the script:

    git clone https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read.git
    cd CVE-2024-2961-Remote-File-Read
  2. Run the script:

    python3 lfi.py
  3. Follow the prompts:

    • Enter the path of the file you want to read (e.g., /etc/passwd).
    • Enter a numeric ID for the upload (e.g., 1).
  4. The script will:

    • Upload the payload to the server.
    • Download the resulting file.
    • Display the contents of the target file.

Example

Remote File Read Exploitation - CVE-2024-2961
Enter the path of the file you want to read (e.g., /etc/passwd): /etc/passwd
Enter a numeric ID for the upload (e.g., 1): 1
File uploaded successfully: http://blog.bigbang.htb/wp-content/uploads/2025/01/1-50.png
File content:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...

Disclaimer

This script is intended for educational and authorized testing purposes only. Do not use it on systems without explicit permission. The authors are not responsible for any misuse or damage caused by this tool.

