Old School Pwning with New School Tricks :: Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability
Tags
attack-pattern: Data Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID e91048c5-adb2-483e-b4c2-0fa78c839f0f
Fingerprint 8e099ad97825128a
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 2, 2018, 3 p.m.
Added to db Jan. 18, 2023, 10:28 p.m.
Last updated Nov. 18, 2024, 11:23 a.m.
Headline Old School Pwning with New School Tricks :: Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability
Title Old School Pwning with New School Tricks :: Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability
Detected Hints/Tags/Attributes 31/1/24
Source URLs
Redirection Url
Details Source https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html
URL Provider
Details Provider Source level domain
Details srcincite.io srcincite.io
Attributes
Details Type #Events CTI Value
Details CVE 2 
cve-2018-18903
Details Domain 21 
poc.py
Details Domain 3 
ex.com
Details Domain 2 
baz.com
Details File 1 
general.php
Details File 5 
'test.txt
Details File 2 
poc.jpg
Details File 1207 
index.php
Details File 1 
6o51zt69p0s4.jpg
Details File 20 
poc.py
Details IPv4 1 
172.16.175.143
Details IPv4 2 
172.16.175.1
Details Url 1 
http://target/index.php?p=
Details Url 1 
http://172.16.175.143
Details Url 1 
http://172.16.175.143/?c=phpinfo
Details Url 1 
http://172.16.175.143/?c=system
Details Url 1 
http://ex.com/bar
Details Url 1 
http://ex.com/foo
Details Url 1 
http://ex.com/foo/bar
Details Url 1 
https://ex.com
Details Url 1 
http://ex.com
Details Url 1 
https://baz.com
Details Url 1 
http://ex.com/bar/baz
Details Url 1 
http://ex.com/bar/foo