Skip to content

Latest commit

 

History

History
46 lines (29 loc) · 1.18 KB

File metadata and controls

46 lines (29 loc) · 1.18 KB

PoC for CVE-2018-9206

About

Based on the following:

original Poc

Python Poc

Usage

usage: BlueimpScan.py [-h] [-p PREFIX] [-u USER_AGENT] host

CVE-2018-9206 PoC, initial release by Den1al, enhanced by NopSec

positional arguments:
  host                  the host to check, host:port, or CIDR range

optional arguments:
  -h, --help            show this help message and exit
  -p PREFIX, --prefix PREFIX
                        The prefix for the path
  -u USER_AGENT, --user-agent USER_AGENT
                        The user agent to send the requests with

Dependencies

pip3 install -r requirements.txt

Useful stuff to know

  • The path prefix is set to "jQuery-File-Upload-9.22.0", this may not reflect the default path of the vulnerable files on your server(s). If the default setting fails I'd recommend trying "jQuery-File-Upload".

  • There is no output for hosts that are not vulnerable.

Authors

Larry Cashdollar

Daniel Abeles

Shawn Evans