PoC details: 2bef51ad3eb550176442207a665126b936a46b73

Source
Related vulnerability
Title: Ghost Foundation Ghost symbolic link vulnerability (CVE-2023-40028)
Description: Ghost Foundation Ghost is an open-source personal blogging system written in JavaScript and maintained by Ghost. Ghost versions before 5.59.1 contain a symbolic link vulnerability that stems from allowing authenticated users to upload symlink files. An attacker can exploit this vulnerability to read arbitrary files.
Description
CVE-2023-40028 PoC Exploit
Introduction
# CVE-2023-40028 PoC Exploit
Symlink Upload Vulnerability in Ghost CMS Leading to Arbitrary File Read

![POC Image](https://www.zyenra.com/assets/img/CVE-2023-40028/poc.png)

## Vulnerability Details

**CVE-2023-40028** is a vulnerability in **Ghost CMS** versions prior to **5.59.1**, where authenticated users can upload symbolic links (symlinks) that lead to arbitrary file reads on the host system. The upload feature in Ghost CMS can be used to place a symlink pointing at a sensitive file; once the symlink has been uploaded, the target file's contents can be retrieved through a crafted HTTP request to the server.

## Exploit Usage

```bash
git clone https://github.com/rvizx/CVE-2023-40028
cd CVE-2023-40028
python3 exploit.py --url <http://target-ghost-cms> -u <username> -p <password>
```

## References

- [CVE-2023-40028 on Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40028)
- Credits - [PoC Exploit by 0xyassine](https://github.com/0xyassine/CVE-2023-40028/)
File snapshot

```
[4.0K] /data/pocs/2bef51ad3eb550176442207a665126b936a46b73
├── [4.9K] exploit.py
└── [1014] README.md

0 directories, 2 files
```
Cached for you by the Shenlong bot
Notes
    1. It is recommended to access the PoC through the source link first.
    2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.