This script demonstrates a proof-of-concept (PoC) for exploiting a file read vulnerability in the iconv library, as detailed in Ambionics Security's blog https://www.ambionics.io/blog/iconv-cve-2024-2961-p1.

kyotozx/CVE-2024-2961-Remote-File-Read

CVE-2024-2961 Remote File Read

This script demonstrates how to exploit a vulnerability in systems using the iconv library when it mishandles character encoding conversions, as described in CVE-2024-2961. It allows an attacker to read arbitrary files from the server by taking advantage of PHP filter chains and flawed encoding handling.

The script automates the process of uploading a crafted payload, retrieving the resulting file, and displaying its contents. It builds on the research detailed in the article: Iconv CVE-2024-2961: Exploiting Character Encoding Conversions.


How It Works

The script follows these steps:

  1. Payload Creation
    It creates a PHP filter chain payload that leverages iconv encoding conversions to read any file on the server. This payload is designed to bypass normal restrictions, allowing access to files such as /etc/passwd or other sensitive files.

  2. File Upload
    It sends a POST request to the target server's admin-ajax.php endpoint, mimicking an image upload. The payload is hidden within the request so that the server processes it as if it were a legitimate file.

  3. File Download
    After uploading the payload, the script downloads the file that now contains the contents of the target file. Finally, it extracts and displays these contents.
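
Seen from the defender's side, steps 1 and 2 leave a recognizable trace: a `php://filter` URL with `convert.iconv` stages inside a request to `admin-ajax.php`. The following is an added example, not part of this repository, that flags such requests in captured request data; the sample requests are constructed and their parameter names (`action=example_upload`, `field`) are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# PHP matches wrapper and filter names case-insensitively.
WRAPPER = re.compile(r"php://filter", re.I)
ICONV_STAGE = re.compile(r"convert\.iconv\.", re.I)
RESOURCE = re.compile(r"resource=([^\s&|\"']+)", re.I)

def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def inspect_request(path, body):
    """Return a finding dict if the request carries a php://filter URL, else None."""
    data = decode_fully(f"{path} {body}")
    if not WRAPPER.search(data):
        return None
    target = RESOURCE.search(data)
    return {
        "path": path,
        "iconv_stages": len(ICONV_STAGE.findall(data)),
        "resource": target.group(1) if target else None,
    }

def scan(requests_seen):
    """Inspect (path, body) pairs and keep only the findings."""
    return [f for f in (inspect_request(p, b) for p, b in requests_seen) if f]

# Constructed sample requests; the parameter names are hypothetical.
SAMPLES = [
    ("/wp-admin/admin-ajax.php",
     "action=example_upload&field=php%3A%2F%2Ffilter%2Fconvert.iconv.UTF-8.UTF-16"
     "%7Cconvert.iconv.UTF-16.UTF-8%2Fresource%3D%2Fetc%2Fpasswd"),
    ("/wp-admin/admin-ajax.php",  # same idea, percent-encoded twice
     "field=php%253A%252F%252Ffilter%252Fconvert.iconv.UTF-8.UTF-16"
     "%252Fresource%253D%252Fetc%252Fhostname"),
    ("/wp-admin/admin-ajax.php", "action=heartbeat&data=hello"),  # benign
]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

Feed it from a WAF or reverse-proxy log that records request bodies; a `php://` wrapper in user-supplied input is worth alerting on regardless of how many `convert.iconv` stages follow it.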


Prerequisites

  • Python 3.x
  • The requests library (install it with pip install requests)
  • A vulnerable server running a susceptible version of iconv and PHP.

Usage

  1. Clone the Repository or Download the Script:

    git clone https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read.git
    cd CVE-2024-2961-Remote-File-Read
  2. Run the Script:

    python3 lfi.py
  3. Follow the Prompts:

    • Enter the file path you want to read (for example, /etc/passwd).
    • Provide a numeric ID for the upload (for example, 1).
  4. What the Script Does:

    • It uploads the crafted payload to the server.
    • It downloads the file generated by the server.
    • It displays the content of the target file on your screen.

Example

    Remote File Read Exploitation - CVE-2024-2961
    Enter the path of the file you want to read (e.g., /etc/passwd): /etc/passwd
    Enter a numeric ID for the upload (e.g., 1): 1
    File uploaded successfully: http://blog.bigbang.htb/wp-content/uploads/2025/01/1-50.png
    File content:
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
    ...

Disclaimer

This script is intended solely for educational and authorized testing purposes. Do not use it on systems without explicit permission.

