CVE-2023-2375 PoC — Ubiquiti EdgeRouter 命令注入漏洞

Source

https://github.com/0x0jr/HTB-Devvortex-CVE-2023-2375-PoC

Associated Vulnerability

Title:Ubiquiti EdgeRouter 命令注入漏洞 (CVE-2023-2375)
Description:Ubiquiti EdgeRouter是美国优比快（Ubiquiti）公司的一个路由器。 Ubiquiti EdgeRouter X 2.0.9-hotfix.6版本及之前版本存在命令注入漏洞，该漏洞源于对参数src的错误操作会导致命令注入。

Description

CVE-2023-23752 Unauthenticated Information Disclosure Showcase Using Devvortex From HTB.

Readme

# Joomla! CVE-2023-23752 - Unauthenticated Information Disclosure PoC

## Description

This repository contains a Proof of Concept (PoC) exploit for CVE-2023-23752, a vulnerability in Joomla! that allows unauthenticated information disclosure. This vulnerability can expose sensitive information, including database credentials, configuration files, and more, to unauthenticated users.

## PoC

You can watch my PoC on this CVE here:

https://www.youtube.com/watch?v=vf_d0AWd7T8

## Details

- **CVE:** CVE-2023-23752
- **Vulnerability Type:** Information Disclosure
- **Affected Version:** Joomla! 4.2.8

## Usage

1. **Clone the repository:**
    ```
    git clone https://github.com/0x0jr/HTB-Devvortex-CVE-2023-2375-PoC.git
    ```

2. **Install dependencies:**
    ```
    pip install requests
    ```

3. **Run the PoC:**
    ```
    python3 exploit.py <target_url>
    ```

    Replace `<target_url>` with the URL of the target Joomla! instance.

## Example

```
python3 exploit.py http://dev.devvortex.htb/
```

File Snapshot


 [4.0K]  /data/pocs/3e0b5c63099ac386e0a8f90ed52a10749b105a65
├── [2.2K]  exploit.py
└── [1019]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!