CVE-2023-46818 PoC — ISPConfig 安全漏洞

Source

Associated Vulnerability

Description

CVE-2023-46818 | PoC | ISPConfig 3.2.11p1

Readme

# CVE-2023-46818 - ISPConfig PHP Code Execution | Exploit

## High Remote Code Execution in ISPConfig    
### PoC implementation.

---

## Resume

ISPConfig versions <= 3.2.11 are vulnerable to an authenticated PHP code injection vulnerability via the records[] parameter in the /admin/language_edit.php endpoint.

---

## 🛠 Technical Breakdown

This endpoint does not properly validate user input. An attacker with valid credentials can submit a specially crafted request to the language editing functionality, injecting PHP code that gets written to a file on the server (commonly shell.php). This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise. To mitigate this vulnerability, it is recommended to apply the latest ISPConfig updates and restrict access to the admin panel.

---

## 🔥 Vulnerable Endpoint

`http://<target>/admin/language_edit.php` — ISPConfig vulnerable endpoint

---

### 🚀 Launching the Exploit

Run the exploit script CVE-2024-47533.py.

```bash
python3 CVE-2023-46818.py -u <url> -U <username> -P <password>
```

### 💻 Successful Remote Shell Access

Upon successful execution, the reverse shell will connect back to the machine, granting the attacker remote access to the server.

File Snapshot

 [4.0K]  /data/pocs/8c47d731dbae5c8a6af0e64212b35fec7a188bba
├── [4.1K]  CVE-2023-46818.py
└── [1.3K]  README.md

0 directories, 2 files

Remarks