CVE-2023-45878 PoC — Gibbon 安全漏洞

Source

https://github.com/byt3loss/CVE-2023-45878_to_RCE

Associated Vulnerability

Title:Gibbon 安全漏洞 (CVE-2023-45878)
Description:Gibbon是一个解决教育工作者每天遇到的实际问题的学校平台。 GibbonEdu Gibbon 25.0.1版本存在安全漏洞，该漏洞源于允许未经身份验证的攻击者将任意文件上传到应用程序，并在底层系统上执行代码。

Description

This script chains and automates Arbitrary File Write to RCE on Gibbon LMS through CVE-2023-45878 exploitation.

Readme

# CVE-2023-45878 to RCE

![cve-2023-45878_to_rce](https://github.com/user-attachments/assets/31f39e23-8101-4588-9de4-a71694d0f7b2)

This script chains and automates Arbitrary File Write to RCE on Gibbon LMS through CVE-2023-45878 exploitation.

The script performs the following steps:
1. Generates an msfvenom stageless reverse shell for Windows
2. Uploads a webshell exploiting CVE-2023-45878
3. Downloads the reverse shell on the target
4. Executes the reverse shell

File Snapshot


 [4.0K]  /data/pocs/3c2c38bd8b5d0304c9d84cf390b392170b93b335
├── [2.3K]  CVE-2023-45878.sh
└── [ 470]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!