关联漏洞
标题:
ISPConfig 安全漏洞
(CVE-2023-46818)
描述:ISPConfig是一套基于Linux的开源主机控制面板,它可通过Web控制面板管理多台服务器、开设网站、监控服务器运行状况等。 ISPConfig 3.2.11p1 之前版本存在安全漏洞,该漏洞源于如果启用了 admin_allow_langedit,管理员可以在语言文件编辑器中实现 PHP 代码注入。
介绍
# CVE-2023-46818
ISPConfig - PHP Code Injection PoC Exploit (Bash)
### Introduction
`ISPConfig` versions <= 3.2.11 are vulnerable to an authenticated PHP code injection vulnerability via the `records[]` parameter in the `/admin/language_edit.php` endpoint. A malicious authenticated admin user can exploit this to inject arbitrary PHP code, leading to remote code execution. The vulnerability occurs due to unsanitized handling of language file input used in dynamically generated PHP code.
<br>
### Usage
```bash
git clone https://github.com/engranaabubakar/CVE-2023-46818.git
cd CVE-2023-46818
chmod +x exploit.sh
./exploit.sh http://$IP admin admin
```
<br>
Note: This exploit requires valid ISPConfig admin credentials and will deploy a command web shell accessible at `/admin/sh.php`. It provides a terminal-like interface for continuous command execution on the target system.
<br><br><br>
### Credits
Researcher: Rana Abu Bakar <br>
Original Advisory: https://karmainsecurity.com/KIS-2023-13 <br>
文件快照
[4.0K] /data/pocs/a6b2dd5dabbb106ca8b79187ecb95af657827963
├── [2.7K] exploit.sh
└── [1021] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。