Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-43187 PoC — NodeBB 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-43187.yaml
Associated Vulnerability
Title:NodeBB 安全漏洞 (CVE-2023-43187)
Description:NodeBB是Design Create Play团队的一套使用Node.js(一套建立在Google V8 JavaScript引擎之上的网络应用平台)构建的论坛系统。 NodeBB v1.18.6之前版本存在安全漏洞,该漏洞源于存在远程代码执行(RCE)漏洞,攻击者可利用该漏洞通过设计XML-RPC请求执行任意代码。
Description
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.
File Snapshot

 id: CVE-2023-43187

info:
  name: NodeBB XML-RPC Request xmlrpc.php - XML Injection
  author: 0xPart

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.