CVE-2023-40028 PoC — Ghost Foundation Ghost 后置链接漏洞

Source

https://github.com/rvizx/CVE-2023-40028

Associated Vulnerability

Title:Ghost Foundation Ghost 后置链接漏洞 (CVE-2023-40028)
Description:Ghost Foundation Ghost是Ghost开源的一款用 JavaScript 编写的个人博客系统。 Ghost 5.59.1 版本之前存在后置链接漏洞，该漏洞源于允许经过身份验证的用户上传符号链接文件。攻击者利用该漏洞可以读取任意文件。

Description

CVE-2023-40028 PoC Exploit

Readme

# CVE-2023-40028 PoC Exploit
Symlink Upload Vulnerability in Ghost CMS Leading to Arbitrary File Read

![POC Image](https://www.zyenra.com/assets/img/CVE-2023-40028/poc.png)

## Vulnerability Details

**CVE-2023-40028** is a vulnerability in **Ghost CMS** versions prior to **5.59.1**, where authenticated users can upload symbolic links (symlinks) that lead to arbitrary file reading on the host system.  The vulnerability can be exploited by leveraging the upload feature in Ghost CMS to place a symlink pointing to sensitive files. Once the symlink is uploaded, attackers can access the target file via a crafted HTTP request to the server.

## Exploit Usage

```bash
git clone https://github.com/rvizx/CVE-2023-40028
cd CVE-2023-40028
python3 exploit.py --url <http://target-ghost-cms> -u <username> -p <password>
```

## References

- [CVE-2023-40028 on Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40028)
- Credits - [PoC Exploit by 0xyassine](https://github.com/0xyassine/CVE-2023-40028/)

File Snapshot


 [4.0K]  /data/pocs/2bef51ad3eb550176442207a665126b936a46b73
├── [4.9K]  exploit.py
└── [1014]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!