This repository contains a PowerPoint presentation illustrating two different methods for exploiting the PHP-FPM vulnerability (CVE-2019-11043), along with the files needed to do so.
Installation Instructions (also written in the PowerPoint):
docker run --rm -ti -p 8080:80 reproduce-cve-2019-11043
With the above complete, you should have a container running an nginx server. You can check whether it is running with:
docker ps
Do the exploit
Follow the instructions and images in the provided PowerPoint to exploit the vulnerability.
Bonus round
I added a build of my senior seminar project to the container. Once you've completed the above exploit, you will notice in the file system that there are additional files being served. A build of my senior seminar project, Meeting Manager, is installed and running on the nginx server. Meeting Manager as it is currently configured is wildly insecure (intentionally). With a little bit of time in the web browser, you should be able to access the database and obtain user information with little to no effort. I am not going to include instructions for doing so, as I want to leave something up in the air with this and for you to have a little fun (if you can call messing around with my project fun).