# N/A
## 概述
MagnusSolution 的 magnusbilling 6.x 和 7.x 版本中存在命令注入漏洞,远程攻击者可以通过未认证的HTTP请求执行任意命令。
## 影响版本
- 6.x
- 7.x
## 细节
攻击者可以通过未认证的HTTP请求向系统发送恶意构造的输入,导致执行任意命令。
## 影响
该漏洞允许远程攻击者在未经授权的情况下执行任意命令,可能造成服务器被完全控制,数据泄露或进一步的恶意活动。
# | POC 描述 | 源链接 | 神龙链接 |
---|---|---|---|
1 | None | https://github.com/gy741/CVE-2023-30258-setup | POC详情 |
2 | None | https://github.com/sk00l/CVE-2023-30258 | POC详情 |
3 | None | https://github.com/tinashelorenzi/CVE-2023-30258-magnus-billing-v7-exploit | POC详情 |
4 | Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. | https://github.com/Chocapikk/CVE-2023-30258 | POC详情 |
5 | POC for CVE-2023-30258-RCE by n0o0b | https://github.com/n00o00b/CVE-2023-30258-RCE-POC | POC详情 |
6 | Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-30258.yaml | POC详情 |
7 | A detailed walkthrough of TryHackMe's Billing room exploiting CVE-2023-30258 and escalating via fail2ban misconfig | https://github.com/AdityaBhatt3010/TryHackMe-Room-Walkthrough-Billing | POC详情 |
暂无评论