Vdesk: Hangupphp3 Exploit [best]

(or similar) script. This script was designed to handle user sessions or "hang up" a connection but failed to sanitize parameters passed through the URL. Vulnerability Type: Remote Command Execution (RCE). Root Cause:

The "3" refers to the original PHP3-era session mechanism, still present in some forks of vDesk until 2021. vdesk hangupphp3 exploit

def main(): url = 'http://target-ip/vdesk/hangup.php' php_code = '<?php echo "You have been pwned!"; ?>' result = exploit_vdesk_hangup_php3(url, php_code) if result: print(result) (or similar) script

| CVE ID | Vulnerability Type | Severity (CVSS) | Affected Versions | | :--- | :--- | :--- | :--- | | CVE-2022-45172 | Broken Access Control (Privilege Escalation) | 9.8 (CRITICAL) | ≤ v018 | | CVE-2022-45174 | 2FA Bypass for SAML Users | 9.8 (CRITICAL) | ≤ v018 | | CVE-2022-45173 | 2FA Bypass via Client-Side Manipulation | 9.8 (CRITICAL) | ≤ v018 | | CVE-2022-45171 | Unrestricted Dangerous File Upload | 8.8 (HIGH) | ≤ v018 | | CVE-2022-45170 | Cryptographic Issue (File Decryption) | 6.5 (MEDIUM) | ≤ v018 | | CVE-2022-45168 | 2FA Backup Code Generation Before TOTP Check | 6.5 (MEDIUM) | ≤ v018 | | CVE-2022-45176 | Stored Cross-Site Scripting (XSS) | 5.4 (MEDIUM) | ≤ v018 | | CVE-2022-45177 | Observable Response Discrepancy (Information Disclosure) | 7.5 (HIGH) | ≤ v031 | | CVE-2022-45179 | Basic XSS via Reminders | 5.4 (MEDIUM) | ≤ v031 | Root Cause: The "3" refers to the original

The primary source of confusion lies in the fact that and "hangup.php3" belong to two completely different software ecosystems:

: Scanners look for exposed VDesk directories and the presence of the hangup.php3 file.

The exploit abuses the session_write_close() function and the pcntl_signal() handling of SIGHUP (hang-up signal) to achieve arbitrary code execution with web server privileges.