## https://sploitus.com/exploit?id=01B25FEC-F042-5426-9ED3-B8FE6230F305
# CVE-2024-2961 Remote File Read
This script demonstrates how to exploit a vulnerability in systems using the `iconv` library when it mishandles character encoding conversions, as described in **CVE-2024-2961**. It allows an attacker to read arbitrary files from the server by taking advantage of PHP filter chains and flawed encoding handling.
The script automates the process of uploading a crafted payload, retrieving the resulting file, and displaying its contents. It builds on the research detailed in the article: [Iconv CVE-2024-2961: Exploiting Character Encoding Conversions](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1).
---
## How It Works
The script follows these steps:
1. **Payload Creation**
It creates a PHP filter chain payload that leverages `iconv` encoding conversions to read any file on the server. The payload is designed to bypass normal restrictions, allowing access to sensitive files such as `/etc/passwd`.
2. **File Upload**
It sends a POST request to the target server's `admin-ajax.php` endpoint, mimicking an image upload. The payload is hidden within the request so that the server processes it as if it were a legitimate file.
3. **File Download**
After uploading the payload, the script downloads the file that now contains the contents of the target file. Finally, it extracts and displays these contents.
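
For defenders, step 2 is the observable point: the filter chain has to travel in the body of the request to `admin-ajax.php`. The detection logic below is an added example, not part of the original script. It flags request bodies that carry a `php://filter` URL and raises severity when several `convert.iconv` filters are chained. The sample requests and the `action`/`url` parameter names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# php://filter URL; captures the filter list that precedes "resource=".
FILTER_URL = re.compile(r"php://filter/(?P<filters>[^\s&\"']*?)/?resource=", re.I)
ICONV = re.compile(r"convert\.iconv\.", re.I)

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded wrappers are still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_body(body, iconv_threshold=2):
    """Return a finding dict if the body carries a php://filter URL, else None."""
    match = FILTER_URL.search(decode_fully(body))
    if not match:
        return None
    filters = [f for f in re.split(r"[|/]", match.group("filters")) if f]
    iconv_count = sum(1 for f in filters if ICONV.search(f))
    # Several chained iconv conversions are the signature of a filter chain.
    severity = "high" if iconv_count >= iconv_threshold else "medium"
    return {"filters": len(filters), "iconv_filters": iconv_count, "severity": severity}

def scan(records):
    """Inspect (path, body) pairs; return the ones that carry a finding."""
    hits = []
    for path, body in records:
        finding = inspect_body(body)
        if finding:
            hits.append((path, finding))
    return hits

# Constructed sample requests (not captured traffic); "action" and "url"
# are hypothetical parameter names.
SAMPLES = [
    ("/wp-admin/admin-ajax.php", "action=heartbeat&interval=60"),
    ("/wp-admin/admin-ajax.php", "action=upload&url=php%3A%2F%2Ffilter%2F"
     "convert.iconv.UTF8.UTF16%7Cconvert.iconv.UTF16.UTF8%7C"
     "convert.base64-encode%2Fresource%3D%2Ftmp%2Fexample.txt"),
    ("/wp-admin/admin-ajax.php", "action=upload&url=php%253A%252F%252Ffilter"
     "%252Fread%253Dstring.rot13%252Fresource%253D%252Ftmp%252Fexample.txt"),
]

if __name__ == "__main__":
    for path, finding in scan(SAMPLES):
        print(path, finding)
```

Legitimate uploads have no reason to reference the `php://` wrapper, so even the "medium" findings are worth blocking or reviewing at the application or WAF layer.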
---
## Prerequisites
- Python 3.x
- The `requests` library (install it with `pip install requests`)
- A vulnerable server running a susceptible version of `iconv` and PHP.
---
## Usage
1. **Clone the Repository or Download the Script:**
```bash
git clone https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read.git
cd CVE-2024-2961-Remote-File-Read
```
2. **Run the Script:**
```bash
python3 lfi.py
```
3. **Follow the Prompts:**
- Enter the file path you want to read (for example, `/etc/passwd`).
- Provide a numeric ID for the upload (for example, `1`).
4. **What the Script Does:**
- It uploads the crafted payload to the server.
- It downloads the file generated by the server.
- It displays the content of the target file on your screen.
---
## Example
```plaintext
Remote File Read Exploitation - CVE-2024-2961
Enter the path of the file you want to read (e.g., /etc/passwd): /etc/passwd
Enter a numeric ID for the upload (e.g., 1): 1
File uploaded successfully: http://blog.bigbang.htb/wp-content/uploads/2025/01/1-50.png
File content:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...
```
---
## Disclaimer
This script is intended solely for **educational and authorized testing purposes**. Do not use it on systems without explicit permission.
---
## References
- [CVE-2024-2961](https://vulners.com/cve/CVE-2024-2961)
- [Ambionics Blog: Iconv CVE-2024-2961](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1)
---