关联漏洞
标题:
ISPConfig 安全漏洞
(CVE-2023-46818)
描述:ISPConfig是一套基于Linux的开源主机控制面板,它可通过Web控制面板管理多台服务器、开设网站、监控服务器运行状况等。 ISPConfig 3.2.11p1 之前版本存在安全漏洞,该漏洞源于如果启用了 admin_allow_langedit,管理员可以在语言文件编辑器中实现 PHP 代码注入。
描述
CVE-2023-46818 | PoC | ISPConfig 3.2.11p1
介绍
# CVE-2023-46818 - ISPConfig PHP Code Execution | Exploit
## High Remote Code Execution in ISPConfig
### PoC implementation.
---
## Resume
ISPConfig versions <= 3.2.11 are vulnerable to an authenticated PHP code injection vulnerability via the records[] parameter in the /admin/language_edit.php endpoint.
---
## 🛠 Technical Breakdown
This endpoint does not properly validate user input. An attacker with valid credentials can submit a specially crafted request to the language editing functionality, injecting PHP code that gets written to a file on the server (commonly shell.php). This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise. To mitigate this vulnerability, it is recommended to apply the latest ISPConfig updates and restrict access to the admin panel.
---
## 🔥 Vulnerable Endpoint
`http://<target>/admin/language_edit.php` — ISPConfig vulnerable endpoint
---
### 🚀 Launching the Exploit
Run the exploit script CVE-2024-47533.py.
```bash
python3 CVE-2023-46818.py -u <url> -U <username> -P <password>
```
### 💻 Successful Remote Shell Access
Upon successful execution, the reverse shell will connect back to the machine, granting the attacker remote access to the server.
文件快照
[4.0K] /data/pocs/8c47d731dbae5c8a6af0e64212b35fec7a188bba
├── [4.1K] CVE-2023-46818.py
└── [1.3K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。