CVE-2023-26469 PoC — Jorani 路径遍历漏洞

Source

https://github.com/d0rb/CVE-2023-26469

Associated Vulnerability

Title:Jorani 路径遍历漏洞 (CVE-2023-26469)
Description:Jorani是法国Benjamin BALET个人开发者的一个休假管理系统。旨在为小型组织提供简单的休假和加班请求工作流程。 Jorani 1.0.0版本存在安全漏洞，该漏洞源于存在路径遍历漏洞。攻击者可利用该漏洞访问文件并在服务器上执行代码。

Description

CVE-2023-26469 REC PoC

Readme

# CVE-2023-26469 REC PoC


This repository contains an exploit script for CVE-2023-26469, which allows an attacker to leverage path traversal to access files and execute code on a server running Jorani 1.0.0. Additionally, the script includes shell upload functionality for further exploitation.

## Exploits Overview
- **CVE-2023-26469**: A critical vulnerability that enables remote code execution in Jorani 1.0.0. More details can be found in the [NVD report](https://nvd.nist.gov/vuln/detail/CVE-2023-26469).


## Disclaimer

These code is provided for educational purposes only. The intention is to demonstrate how vulnerabilities can be exploited for educational and security awareness purposes. Please refrain from using these exploits for any malicious activities.

File Snapshot


 [4.0K]  /data/pocs/56cafa1b31ce31ca826f7d6f66dc50d19c80680d
├── [1.0K]  PoC.py
└── [ 773]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!