Overview
The Pluck 4.7.7-dev2 vulnerability, identified as CVE-2018-11736, is a critical security flaw that allows unauthorized PHP code execution. This vulnerability arises from improper input validation in the Pluck CMS, enabling attackers to exploit the system by injecting malicious code through specially crafted requests. As a result, the integrity and confidentiality of the application can be severely compromised.
Technical Details
The root of CVE-2018-11736 lies in the way Pluck handles user input, particularly in the processing of file uploads. When a user uploads a file, the application fails to sufficiently sanitize the input, allowing an attacker to upload a PHP file disguised as a harmless document. Once uploaded, this file can be executed by the web server, leading to arbitrary code execution. For instance, an attacker could upload a PHP script that creates a backdoor, providing persistent access to the compromised system.
Moreover, the vulnerability can be exploited through a crafted HTTP request that bypasses the application’s security mechanisms. This exploitation can occur without user interaction, making it particularly dangerous for unpatched installations of Pluck CMS. With the ability to execute arbitrary code, an attacker can manipulate the system environment, access sensitive data, or even pivot to other systems within the same network.
Impact
The potential consequences of CVE-2018-11736 are significant. Successful exploitation can lead to complete system compromise, allowing attackers to gain unauthorized access to sensitive information, alter data, or deploy further malicious activities within the network. Organizations relying on Pluck for their content management may face reputational damage, legal repercussions, and financial losses due to data breaches.
Mitigation
To protect against CVE-2018-11736, it is crucial for security professionals to implement immediate measures. First and foremost, organizations should upgrade to the latest version of Pluck CMS, which includes patches that address this vulnerability. Regularly updating software is a fundamental practice in maintaining security posture.
In addition to updating, it is essential to enforce strict input validation and sanitization for all file uploads. Security professionals should also implement Web Application Firewalls (WAF) to monitor and filter incoming traffic, blocking potentially harmful requests. Conducting regular security audits and penetration testing can further help identify vulnerabilities and strengthen the overall security framework of the web application.
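The upload checks described above, as an added example that is not Pluck's code and not part of this advisory: the validator ignores the client-supplied Content-Type header entirely (the PoC below relies on that header being trusted), refuses dotfile names such as '.htaccess', applies a strict filename allowlist, and requires the file's magic bytes to agree with its extension. The function names, the allowlist and the sample inputs are assumptions chosen for illustration.

```python
# Added example (not Pluck's own code): server-side validation for an image
# upload endpoint. Names (validate_image_upload, upload_decision,
# UploadRejected) are hypothetical.

import os
import re

ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Leading bytes of the formats we accept. The file content decides the type,
# never the Content-Type header the browser (or an attacker) sent.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Exactly one extension, no leading dot, no spaces or path separators.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.[A-Za-z0-9]{1,5}$")


class UploadRejected(ValueError):
    """Raised with a reason string when an upload must not be stored."""


def validate_image_upload(filename, content_type, data):
    """Return the safe basename to store, or raise UploadRejected.

    content_type is a parameter only to make the point explicit: it is a
    client-controlled value and plays no part in the decision. A forged
    'image/jpeg' header on a '.htaccess' file is the CVE-2018-11736 pattern.
    """
    del content_type  # deliberately unused
    base = os.path.basename(filename.replace("\\", "/"))
    # 1. Dotfiles are never legitimate images; this alone blocks '.htaccess'.
    if not base or base.startswith("."):
        raise UploadRejected("dotfile name rejected: %r" % base)
    # 2. Filename allowlist: also rejects double extensions like x.php.jpg.
    if not SAFE_NAME.match(base):
        raise UploadRejected("filename outside allowlist: %r" % base)
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed: %r" % ext)
    # 3. The bytes must look like the image type the extension claims.
    if not any(data.startswith(magic) for magic in MAGIC[ext]):
        raise UploadRejected("content is not a %s image" % ext)
    # 4. A valid image header followed by PHP tags is a polyglot; refuse it.
    if b"<?php" in data or b"<?=" in data:
        raise UploadRejected("PHP tag embedded in image data")
    return base


def upload_decision(filename, content_type, data):
    """Convenience wrapper: (True, stored_name) or (False, reason)."""
    try:
        return (True, validate_image_upload(filename, content_type, data))
    except UploadRejected as exc:
        return (False, str(exc))


if __name__ == "__main__":
    # Constructed sample uploads, including the PoC's forged-header case.
    samples = [
        (".htaccess", "image/jpeg", b"AddType application/x-httpd-php .jpg"),
        ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        ("shell.php.jpg", "image/jpeg", b"\xff\xd8\xff\xe0"),
        ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0<?php echo 1; ?>"),
        ("../../logo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
    ]
    for name, ctype, body in samples:
        print(name, ctype, "->", upload_decision(name, ctype, body))
```

Independently of any upload filter, the Apache server configuration can set AllowOverride None for the images directory, so that a stray .htaccess there is not honoured at all; the two controls cover different failure modes and are worth applying together.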
Proof of Concept (PoC)
# Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/pluck-cms/pluck
# Software Link: https://github.com/pluck-cms/pluck
# Version: 4.74-dev5
# Tested on: Ubuntu Windows
# CVE : CVE-2018-11736
PoC:
1)
1. Log in to the Pluck admin panel.
2. Navigate to the 'Manage Images' section at http://pluck1/admin.php?action=images.
3. Upload a file named '.htaccess' with the content-type 'image/jpeg' containing 'AddType application/x-httpd-php .jpg'.
4. Access the target directory (e.g., http://pluck1/images/test.jpg) to execute PHP code with the .jpg extension.
2)
.htaccess content:
RewriteEngine On
RewriteRule .* http://www.baidu.com/ [R,L]
[Replace Your Domain Name]
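A detection-side counterpart to the PoC, added here and not part of the advisory or of Pluck: a small audit that walks an upload directory, reports every .htaccess it finds, and flags the directive classes the two payloads above use (a handler that maps an image extension to PHP, and a RewriteRule that redirects to an external URL). The directive patterns and function names are assumptions; the sample contents are the two payloads quoted on this page.

```python
# Added example (not part of the advisory or of Pluck): audit .htaccess files
# under a web-writable directory. Names (audit_htaccess, scan_upload_dir) and
# the SUSPICIOUS patterns are assumptions, not an exhaustive rule set.

import os
import re

# Directive classes that make Apache execute, redirect or reconfigure content
# in a directory that should only ever serve static images.
SUSPICIOUS = [
    ("php-handler", re.compile(r"^\s*(AddType|AddHandler|SetHandler)\b.*php", re.I)),
    ("external-redirect", re.compile(r"^\s*RewriteRule\b.*\bhttps?://", re.I)),
    ("php-override", re.compile(r"^\s*php_(value|flag|admin_value|admin_flag)\b", re.I)),
    ("options-override", re.compile(r"^\s*Options\b.*\b(ExecCGI|Includes)\b", re.I)),
]


def audit_htaccess(text):
    """Return [(line_number, label, stripped_line)] for each suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, pattern in SUSPICIOUS:
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
    return findings


def scan_upload_dir(root):
    """Walk root and map each .htaccess path to its findings.

    Any .htaccess under an upload directory deserves a look, so a file whose
    directives match nothing is still reported, with an empty list.
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == ".htaccess":
                path = os.path.join(dirpath, name)
                with open(path, "r", errors="replace") as fh:
                    report[path] = audit_htaccess(fh.read())
    return report


# Constructed sample contents: the two PoC payloads from this page.
SAMPLE_ADDTYPE = "AddType application/x-httpd-php .jpg\n"
SAMPLE_REWRITE = "RewriteEngine On\nRewriteRule .* http://www.baidu.com/ [R,L]\n"
# A benign internal rewrite, to show it is not flagged.
SAMPLE_BENIGN = "RewriteEngine On\nRewriteRule ^old$ /new [L]\n"

if __name__ == "__main__":
    for title, content in (("AddType payload", SAMPLE_ADDTYPE),
                           ("Rewrite payload", SAMPLE_REWRITE),
                           ("benign rewrite", SAMPLE_BENIGN)):
        print(title, "->", audit_htaccess(content))
    # Point scan_upload_dir at the real images directory of an installation,
    # e.g. scan_upload_dir("/var/www/pluck/images"), to audit it in place.
```

Run the scan from a cron job or a deploy hook against the images directory; on a healthy Pluck installation that directory should contain no .htaccess at all, so even an empty findings list is a signal worth investigating.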