CVE-2023-33253 PoC — LabCollector 代码问题漏洞

Source

https://github.com/Toxich4/CVE-2023-33253

Associated Vulnerability

Title:LabCollector 代码问题漏洞 (CVE-2023-33253)
Description:LabCollector是LabCollector公司的一个多合一的实验室管理平台。 LabCollector 6.0至6.15版本存在安全漏洞。攻击者利用该漏洞可以上传可执行的PHP文件并执行系统命令。

Readme

# CVE-2023-33253

LabCollector 6.0 though 6.15 allows remote code execution
An authenticated remote low-privileged user can upload an executable PHP file and execute system commands.
The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
Tested on Windows Server 2019 x64

How to use:
> python CVE-2023-33253 -t 127.0.0.1 -u user -p user

PoC:
![Image alt](https://github.com/Toxich4/CVE-2023-33253/blob/main/PoC.gif)

File Snapshot


 [4.0K]  /data/pocs/066d456ffa7df22900879c6bb6b29a927ac88063
├── [3.0K]  CVE-2023-33253.py
├── [447K]  PoC.gif
└── [ 501]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!