cve-2020-11060-poc
Python2 POC for CVE 2020-11060
Usage
python cve-2020-11060.py --url http://target --user --password --platform <Win/Nix>
Additional Information
Versions: 0.8.5 - 9.4.5 This exploit requires a user with technician rights or higher. This can be achieved with something like CVE 2019-14666. Original CVE writeup: https://offsec.almond.consulting/playing-with-gzip-rce-in-glpi.html
The original writeup explains things like the path and table offsets. These can be easily updated in the script as needed.