CVE-2023-4220 PoC — Chamilo LMS 安全漏洞

Source

Associated Vulnerability

Description

This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell.

Readme

# Chamilo-LMS-CVE-2023-4220-Exploit
This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell. Then it will allows arbitrary files to be uploaded to /main/inc/lib/javascript/bigupload/files directory.

# Vulnerability POC
-You Can at first run the exploit to know how to use it like that:
```ruby
chmod +x CVE-2023-4220.sh
./CVE-2023-4220.sh
```
  ![1](https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit/assets/60154552/ba4eb2fc-a36b-48df-8043-061214cb62cc)
-Then you need to enter the requeierd inputs like that: 
```ruby
~$ ./CVE-2023-4220.sh -f reverse_file -h host_link -p port_in_the_reverse_file
```
 ![11](https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit/assets/60154552/ae4d2b5b-d401-4bb1-9ddc-725f039a7650)
-Here we can found the uploaded file in the server
```ruby
http://target.test/main/inc/lib/javascript/bigupload/files/
```
![5](https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit/assets/60154552/7c1f1353-5a83-49e2-9803-d015c5cc72c8)

File Snapshot

 [4.0K]  /data/pocs/e40b6dfa900998f3211bdbb2913a3403f6a1548b
├── [2.4K]  CVE-2023-4220.sh
└── [1.2K]  README.md

0 directories, 2 files

Remarks