CVE-2019-7731

CVE-2019-7731

About

• https://nvd.nist.gov/vuln/detail/CVE-2019-7731

PoC / Exploit

• https://github.com/eddietcc/CVEnotes/blob/master/MyWebSQL/RCE/readme.md

Environment used

• Ubuntu 18.04 LTS
• MyWebSQL 3.7

Requirements

• docker
• docker-compose

Reproduction

• Docker version:

  • Run cd Docker\ version/ && docker-compose up
  • Access http://SERVER_IP:8000/mywebsql
  • Fill the form with the following data:
    • User ID: root
    • Password: root
    • Server: Custom Server
    • Server Address: db (MySQL)

• Script version:

  • Run cd Script\ version/ && docker-compose up -d && sudo bash installation.sh
  • Access http://SERVER_IP:80/mywebsql
  • Fill the form with the following data:
    • User ID: root
    • Password: root
    • Server: Localhost MySQL

• Follow the guide here