CVE-2023-34960 PoC — Chamilo 命令注入漏洞

Source

Associated Vulnerability

Description

Chamilo CVE-2023-34960 Batch scan/exploit 

Readme

# Chamilo_CVE-2023-34960-EXP

帮助：

	usage: CVE-2023-34960.py [-h] [-u URL] [-f FILE] [-c COMMAND]

	options:
	  -h, --help            show this help message and exit
	  -u URL, --url URL     完整URL地址(http/https)
	  -f FILE, --file FILE  批量URL文件
	  -c COMMAND, --command COMMAND  执行命令,可选


示例：

	#单个url

	python3 CVE-2023-34960.py -u https://xxxxxxx

![image](https://github.com/YongYe-Security/Chamilo_CVE-2023-34960-EXP/assets/90460865/f7e0b158-5b13-4450-ac91-51a93b2fa0c0)


	#批量扫描
	python3 CVE-2023-34960.py -f url.txt
 ![image](https://github.com/YongYe-Security/Chamilo_CVE-2023-34960-EXP/assets/90460865/28cefd58-f067-4832-ab52-8134df9a2c33)

存在漏洞的扫描结果会存放在当前目录Kill_ALL.txt

微信公众号：YongYe 安全实验室


![yongye](https://github.com/YongYe-Security/Chamilo_CVE-2023-34960-EXP/assets/90460865/91eb1374-1631-476b-9213-71fec8219c95)

File Snapshot

 [4.0K]  /data/pocs/04a6189225804b0a35c887301fe771c2f64cd47b
├── [2.4K]  CVE-2023-34960.py
└── [ 934]  README.md

0 directories, 2 files

Remarks