Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-44871 PoC — moziloCMS 安全漏洞

Source
https://github.com/vances25/CVE-2024-44871
Associated Vulnerability
Title:moziloCMS 安全漏洞 (CVE-2024-44871)
Description:moziloCMS是moziloCMS开源的一个内容管理系统(CMS)。 moziloCMS v3.0版本存在安全漏洞,该漏洞源于组件/admin/index.php中存在任意文件上传漏洞,允许攻击者通过上传精心设计的文件来执行任意代码。
Readme
# MoziloCMS <= 3.0.1 Authenticated RCE

## Description

This script is an exploit tool designed for testing web applications running MoziloCMS. It allows an attacker to use admin logins to upload a PHP web shell via jpg file, rename the uploaded file to php, and send system commands to the target through the php file.

**⚠️ WARNING: This script is for educational purposes only. Use it responsibly and ensure you have proper authorization before testing any system. Unauthorized use is illegal and unethical.**

## How To Run
python3 main.py -u USERNAME -p PASSWORD -t TARGET_URL

ex: python exploit.py -u admin -p hunter2 -t http://example.com

note: DO NOT END URL WITH / and please specify http/https

## References
https://www.exploit-db.com/exploits/52096
https://nvd.nist.gov/vuln/detail/CVE-2024-44871
File Snapshot

 [4.0K]  /data/pocs/62933232cd5cf4c7bafa48917e9882b8a6494143
├── [3.6K]  main.py
├── [ 815]  README.md
└── [  17]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.