CVE-2023-48292 PoC — Admin Tools Application Cross-Site Request Forgery Vulnerability

Associated Vulnerability
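Title: Admin Tools Application Cross-Site Request Forgery Vulnerability (CVE-2023-48292)
Description: Admin Tools Application is an advanced administration tool for XWiki, open-sourced by the XWiki Foundation. Admin Tools Application versions 4.4 through 4.5.1 contain a cross-site request forgery vulnerability, which allows an attacker to execute arbitrary shell commands by tricking an administrator into loading a URL with a shell command.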
Description
XWiki Admin Tools - CSRF to RCE
Readme

# CVE-2023-48292 Exploit 🛠️

![Python Version](https://img.shields.io/badge/python-3.x-blue.svg)

| CVE ID          | CVSS Score   | Discovered   | Affected Plugin  | Vulnerability Type |
|-----------------|--------------|--------------|------------------|--------------------|
| **CVE-2023-48292**  | ![High](https://img.shields.io/badge/9.8-High-red) | 01/03/2023   | Web Applications | 🐚 Command Injection  |

## Description 📜

**CVE-2023-48292** is a critical vulnerability that affects certain web applications, allowing an attacker to **inject arbitrary shell commands** into the target system. This exploit takes advantage of improper input validation in the `RunShellCommand` functionality, which leads to **command execution** on the server.

## Prerequisites 🧰

Before running this script, make sure you have the following dependencies installed:

- **Python 3.x**
  
To install required libraries, simply run:

```bash
pip install -r requirements.txt
```

This will install all necessary dependencies listed in the `requirements.txt` file.

## Usage 🚀

### Arguments

| Argument       | Description                                                     |
|----------------|-----------------------------------------------------------------|
| `target`       | **Required**: The target URL of the vulnerable web application. |
| `--exploit`    | Optional: If specified, attempts to exploit the vulnerability with the provided payload. |
| `--payload`    | Optional: A custom payload to exploit the vulnerability. Default is `echo 'testtesttest1234'`. |
| `--method`     | Optional: HTTP method to use (GET or POST). Default is `GET`.    |
| `--logfile`    | Optional: Path to a log file where results will be saved. Default is `exploit.log`. |

### Example

1. **Check if a target is vulnerable:**

```bash
python exploit.py https://vulnsite.com
```

2. **Attempt exploitation with a custom payload:**

```bash
python exploit.py https://vulnsite.com --exploit --payload "echo 'custompayload'"
```

3. **Use the POST method:**

```bash
python exploit.py https://vulnsite.com --method POST --exploit
```

## Exploit Details 🔍

This script checks whether the target URL is vulnerable to **CVE-2023-48292**. It sends a test payload to the server and inspects the response for evidence of command execution. If the server is vulnerable, the script will execute a shell command on the target system.

### Vulnerability Description

- **CVE-2023-48292** allows attackers to execute arbitrary shell commands on the target server via the `RunShellCommand` function. The flaw is due to improper input validation, enabling attackers to inject system commands directly.

### Technical Analysis 🧠

- The vulnerability allows arbitrary command execution on the target system, which could lead to a complete compromise of the server. This script sends a specially crafted payload that triggers the vulnerability, logging the response for verification.
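A log check a defender could run for the request shape described above, as an added example that is not part of the original README or the exploit script. It assumes Combined Log Format access logs, a `command` query parameter on the `RunShellCommand` page, and that legitimate requests carry XWiki's `form_token` CSRF parameter; the sample lines, hosts and path prefix are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines: hosts, path prefix and token value are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - admin [12/Nov/2023:10:01:02 +0000] "GET /xwiki/bin/view/Admin/RunShellCommand?command=id HTTP/1.1" 200 512 "https://forum.example.net/thread/9" "Mozilla/5.0"',
    '203.0.113.7 - admin [12/Nov/2023:10:05:40 +0000] "GET /xwiki/bin/view/Admin/RunShellCommand?command=uptime&form_token=CONSTRUCTED HTTP/1.1" 200 498 "https://wiki.example.org/xwiki/bin/view/Admin/" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Nov/2023:10:06:00 +0000] "GET /xwiki/bin/view/Main/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.7 - admin [12/Nov/2023:10:09:13 +0000] "GET /xwiki/bin/view/Admin/RunShellCommand?command=uptime HTTP/1.1" 200 498 "https://wiki.example.org/xwiki/bin/view/Main/" "Mozilla/5.0"',
]

def suspicious_requests(lines, wiki_host):
    """Return (ip, user, command, reasons) for RunShellCommand hits that look forged."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if "RunShellCommand" not in url.path:
            continue
        # Only the query string is visible in access logs; POST bodies are not.
        params = parse_qs(url.query)
        if "command" not in params:  # assumed parameter name
            continue
        reasons = []
        if "form_token" not in params:  # assumed CSRF token parameter
            reasons.append("no form_token")
        # A same-site Referer does not prove intent, so the missing token
        # is the stronger signal; a foreign or absent Referer adds weight.
        if urlsplit(m["referer"]).hostname != wiki_host:
            reasons.append("cross-site or missing Referer")
        if reasons:
            findings.append((m["ip"], m["user"], params["command"][0], ", ".join(reasons)))
    return findings

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG, "wiki.example.org"):
        print(hit)
```

Any hit on an installation in the affected range (4.4 through 4.5.1) is worth correlating with the command named in the request and the administrator session that issued it.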

## References 🔗

- **CVE Details**: [CVE-2023-48292 on CVE Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48292)
- **Vulnerability Information**: [CVE-2023-48292 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-48292)

## License 📜

This script is intended for **educational purposes only**. Use responsibly and only on systems you have permission to test.

File Snapshot

```
[4.0K] /data/pocs/64e04c06629c5621a0eabac9a3f57aae0a71e544
├── [4.4K] CVE-2023-48292.py
├── [1.6K] CVE-2023-48292.yaml
├── [1.0K] LICENSE
└── [3.3K] README.md

0 directories, 4 files
```