CVE-2023-30253 PoC — Dolibarr 操作系统命令注入漏洞

Source

https://github.com/g4nkd/CVE-2023-30253-PoC

Associated Vulnerability

Title:Dolibarr 操作系统命令注入漏洞 (CVE-2023-30253)
Description:Dolibarr是一个应用软件。一个现代软件包，可帮助管理您组织的活动。 Dolibarr 17.0.1之前版本存在安全漏洞，该漏洞源于可以通过大写操作远程执行代码。

Description

CVE-2023-30253 PoC

Readme

# CVE-2023-30253
CVE-2023-30253 PoC

# Description
This is my PoC for the CVE-2023-30253 (Dolibarr 17.0.0 PHP Code Injection), when the CMS Website plugin (core) is enabled, an authenticated attacker can obtain remote command execution via php code injection bypassing the application restrictions.

## Usage
```
python3 exploit.py -h
usage: exploit.py [-h] -lhost LHOST -lport LPORT -rhost RHOST -user USER -pass PASSWORD

Exploit for CVE-2023-30253

options:
  -h, --help      show this help message and exit
  -lhost LHOST    Local Host (this host will receive the shell)
  -lport LPORT    Local PORT
  -rhost RHOST    Rhost url, example: http://site.com/
  -user USER      Username for Dolibarr
  -pass PASSWORD  Password for Dolibarr
```

File Snapshot


 [4.0K]  /data/pocs/d3cb7200e287ad731cf19a767950f8e6023fcebc
├── [3.8K]  exploit.py
├── [ 743]  README.md
└── [  38]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!