CVE-2023-33831 PoC — FUXA 命令注入漏洞

Source

https://github.com/btar1gan/exploit_CVE-2023-33831

Associated Vulnerability

Title:FUXA 命令注入漏洞 (CVE-2023-33831)
Description:FUXA是一个开源的基于网络的过程可视化（SCADA/HMI/Dashboard）软件。 FUXA 1.1.13版本存在安全漏洞，该漏洞源于/api/runscript端点中存在远程命令执行(RCE)漏洞。攻击者可利用该漏洞通过设计POST请求执行任意命令。

Description

New exploit for FUXA v1.1.13 - Unauthenticated remote code excecution

Readme

# exploit_CVE-2023-33831
CVE-2023-33831

### Installation

```bash
git clone https://github.com/btar1gan/exploit_CVE-2023-33831
```
    
### Usage

```bash
# automatic
cd exploit_CVE-2023-33831/
#set your listener
python3 33831.py

# manual
nc -lvnp 1881
#set your listener on code param
copy the 33831.txt to repeater
```

File Snapshot


 [4.0K]  /data/pocs/41659eb53d09e1655e59908e2c429706b033f662
├── [1.1K]  33831.py
├── [ 882]  33831.txt
└── [ 323]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!