CVE-2024-2961

This repository contains multiple exploits for CVE-2024-2961, a buffer overflow in glibc's iconv() function, targeting PHP engines and applications like Roundcube and Magento. The exploits leverage PHP filters and direct iconv() calls to achieve remote code execution (RCE).

This PoC exploits CVE-2024-2961, a vulnerability in the `iconv` library's handling of character encoding conversions, to achieve arbitrary file read via PHP filter chains. It automates payload creation, upload, and retrieval to exfiltrate file contents.

This repository provides a Bash script to mitigate CVE-2024-2961, a buffer overflow vulnerability in GNU libc (glibc) versions 2.39 and older, affecting PHP's iconv function with certain Chinese Extended encodings. The script checks for vulnerable encodings, disables them, and verifies the mitigation.

This repository contains a Python-based exploit for CVE-2024-2961, targeting Buddyforms 2.7.7. The exploit chains CVE-2024-2961 (iconv LFI) with CVE-2023-26326 to achieve remote code execution (RCE) via a reverse shell.

This PoC exploits a memory corruption vulnerability in PHP (CVE-2024-2961) by manipulating heap structures and achieving arbitrary code execution through a series of crafted PHP filter chains and heap spraying techniques.

This repository contains a shell script to mitigate CVE-2024-2961 by removing specific Chinese font configurations from the gconv-modules-extra.conf file. The script checks for the presence of GLIBC and vulnerable font configurations before applying the fix.

This repository contains a functional exploit for CVE-2023-26326 (BuddyForms unauthenticated insecure deserialization) chained with CVE-2024-2961 (glibc iconv vulnerability) to achieve RCE on PHP 8.3.x systems. The exploit leverages `php://filter` to bypass deserialization gadget chain limitations and delivers a reverse shell.

This repository contains a functional exploit for CVE-2026-22200, chaining PHP filter injection with CVE-2024-2961 (CNEXT) to achieve unauthenticated RCE on osTicket installations. The exploit includes automated file exfiltration, libc fingerprinting, and reverse shell capabilities.

The repository claims to be a PoC for CVE-2024-2961 but contains no exploit code. Instead, it is a trading bot for EVM chains, which is unrelated to the CVE. The presence of wallet and private key configurations suggests potential malicious intent.

This PoC exploits CVE-2024-2961 to perform arbitrary file reads on a vulnerable WordPress instance by leveraging a filter chain to bypass file upload restrictions. It interacts with the `/wp-admin/admin-ajax.php` endpoint to upload a malicious payload and retrieve the contents of arbitrary files.

This repository contains a scanner for CVE-2024-2961, a vulnerability in the GNU C Library's iconv function. The code tests for the presence of the vulnerability by attempting to exploit a buffer overflow in the iconv conversion process.

This repository contains a C program designed to test for CVE-2024-2961, a buffer overflow vulnerability in the `iconv()` function of the GNU C Library (glibc). The PoC attempts to trigger the vulnerability by performing a specific character set conversion that could lead to a buffer overflow.

This repository contains a Bash script to patch CVE-2024-2961, a vulnerability in the GNU C Library's iconv functionality. The script checks for vulnerability using a PoC from Sansec, applies a patch by modifying gconv-modules, and verifies the fix.

This repository contains a functional exploit for CVE-2023-26326 (BuddyForms unauthenticated insecure deserialization) chained with CVE-2024-2961 (iconv vulnerability) to achieve remote code execution via `php://filter` manipulation. The exploit bypasses PHP 8+ restrictions by leveraging filter chains and file upload mechanisms in WordPress.

This Metasploit module exploits CVE-2024-34102 (Magento XXE) and CVE-2024-2961 (glibc buffer overflow) to achieve unauthenticated RCE on vulnerable Magento/Adobe Commerce installations. It chains arbitrary file read with a heap-based overflow in PHP's iconv() function.