Skip to content

This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell.

Notifications You must be signed in to change notification settings

Ziad-Sakr/Chamilo-CVE-2023-4220-Exploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 

Repository files navigation

Chamilo-LMS-CVE-2023-4220-Exploit

This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell. Then it will allows arbitrary files to be uploaded to /main/inc/lib/javascript/bigupload/files directory.

Vulnerability POC

-You Can at first run the exploit to know how to use it like that:

chmod +x CVE-2023-4220.sh
./CVE-2023-4220.sh

1 -Then you need to enter the requeierd inputs like that:

~$ ./CVE-2023-4220.sh -f reverse_file -h host_link -p port_in_the_reverse_file

11 -Here we can found the uploaded file in the server

http://target.test/main/inc/lib/javascript/bigupload/files/

5

About

This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages